diff options
| author | Avi Kivity | 2010-05-09 13:51:13 +0200 |
|---|---|---|
| committer | Aurelien Jarno | 2010-05-28 21:33:59 +0200 |
| commit | 97679527bf2f002225d08cfb93f840cef449ac0e (patch) | |
| tree | 10658c03eeb795084ff06a269326a7432cb94ba4 | |
| parent | arm: prevent coprocessor IO reset (diff) | |
| download | qemu-97679527bf2f002225d08cfb93f840cef449ac0e.tar.gz qemu-97679527bf2f002225d08cfb93f840cef449ac0e.tar.xz qemu-97679527bf2f002225d08cfb93f840cef449ac0e.zip | |
Fix overflow in i440fx_init()
The ram_size parameter can be larger than an int, so it may be truncated.
Fix by using the correct type.
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
| -rw-r--r-- | hw/pc.h | 2 | ||||
| -rw-r--r-- | hw/piix_pci.c | 2 |
2 files changed, 2 insertions, 2 deletions
@@ -135,7 +135,7 @@ int pcspk_audio_init(qemu_irq *pic); struct PCII440FXState; typedef struct PCII440FXState PCII440FXState; -PCIBus *i440fx_init(PCII440FXState **pi440fx_state, int *piix_devfn, qemu_irq *pic, int ram_size); +PCIBus *i440fx_init(PCII440FXState **pi440fx_state, int *piix_devfn, qemu_irq *pic, ram_addr_t ram_size); void i440fx_init_memory_mappings(PCII440FXState *d); /* piix4.c */ diff --git a/hw/piix_pci.c b/hw/piix_pci.c index aff7f6d467..d14d05e1f8 100644 --- a/hw/piix_pci.c +++ b/hw/piix_pci.c @@ -216,7 +216,7 @@ static int i440fx_initfn(PCIDevice *dev) return 0; } -PCIBus *i440fx_init(PCII440FXState **pi440fx_state, int *piix3_devfn, qemu_irq *pic, int ram_size) +PCIBus *i440fx_init(PCII440FXState **pi440fx_state, int *piix3_devfn, qemu_irq *pic, ram_addr_t ram_size) { DeviceState *dev; PCIBus *b; |