Google Git
Sign in
qemu-android/qemu-android/97679527bf2f002225d08cfb93f840cef449ac0e^!/.
commit
97679527bf2f002225d08cfb93f840cef449ac0e
[log]
author
Avi Kivity <avi@redhat.com>
Sun May 09 14:51:13 2010 +0300
committer
Aurelien Jarno <aurelien@aurel32.net>
Fri May 28 21:33:59 2010 +0200
tree
10658c03eeb795084ff06a269326a7432cb94ba4
parent
9ba8c3f41d47f2051ea4bdb7156978f941ea7324 [diff]
Fix overflow in i440fx_init()

The ram_size parameter can be larger than an int, so it may be truncated.

Fix by using the correct type.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

diff --git a/hw/pc.h b/hw/pc.h
index 73cccef..0e52933 100644
--- a/hw/pc.h
+++ b/hw/pc.h

@@ -135,7 +135,7 @@
 struct PCII440FXState;
 typedef struct PCII440FXState PCII440FXState;
 
-PCIBus *i440fx_init(PCII440FXState **pi440fx_state, int *piix_devfn, qemu_irq *pic, int ram_size);
+PCIBus *i440fx_init(PCII440FXState **pi440fx_state, int *piix_devfn, qemu_irq *pic, ram_addr_t ram_size);
 void i440fx_init_memory_mappings(PCII440FXState *d);
 
 /* piix4.c */

diff --git a/hw/piix_pci.c b/hw/piix_pci.c
index aff7f6d..d14d05e 100644
--- a/hw/piix_pci.c
+++ b/hw/piix_pci.c

@@ -216,7 +216,7 @@
     return 0;
 }
 
-PCIBus *i440fx_init(PCII440FXState **pi440fx_state, int *piix3_devfn, qemu_irq *pic, int ram_size)
+PCIBus *i440fx_init(PCII440FXState **pi440fx_state, int *piix3_devfn, qemu_irq *pic, ram_addr_t ram_size)
 {
     DeviceState *dev;
     PCIBus *b;