On 07.07.2021 17:54, Rroach wrote:
> Hi, sorry about the late response. I tried your suggestion, it works. I'm kind
> of surprised too, since such a problem should have been exposed a long time ago.
>
> I looked deep into your suggestion. I believe you were right about it, since
> p - ctxt->io_emul_stub won't overflow and the pointer overflow is
> likely to happen in stub_va + p or ctxt->io_emul_stub.
>
> Andrew's suggestion works, perhaps because the long variable allows the expression
> to store more bytes,

Xen (as much as e.g. Linux and I think most other Unix-es) assumes
sizeof(void*) and sizeof(long) to be the same.

> however in the long term it may not be a solid solution. So, alternatively, should we
> take both pieces of advice and use
> + long disp = (long)(f) - (long)(stub_va + (p - ctxt->io_emul_stub) + 5); \
> as a fix patch?

I don't think so - we try to avoid casts wherever they're not strictly
needed.

Btw, to record you in an eventual patch with a Reported-by, would you
mind providing your real name and maybe a less temporary-looking email
address?

Jan
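Review bot: In the quoted line `long disp = (long)(f) - (long)(stub_va + (p - ctxt->io_emul_stub) + 5);` both casts are redundant: the subtrahend is already computed at address width, and converting each operand to `long` before subtracting gives the same value as subtracting the two addresses directly, so the casts only obscure where the arithmetic happens. If the intent is to avoid the intermediate overflow in `stub_va + ...`, the widened declaration `long disp` (Andrew's suggestion, as quoted) already carries that, and the casts should be dropped.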

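To make the point of the thread concrete, here is an added example that is not Xen code and not from any participant. It models the pattern under discussion: a call displacement computed from a stub address plus an offset plus the instruction length (the quoted expression's `+ 5`), once with the result truncated to a 32-bit `int` and once computed at address width with a range check before encoding. Function names, the `insn_len` parameter, the use of `uint64_t` for addresses, and every address value are constructed for the example.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed example, not Xen code. Addresses are modelled as uint64_t so the
 * arithmetic behaves identically on any host. insn_len stands for the length of
 * the call instruction being emitted (the "+ 5" in the quoted expression is
 * assumed to be exactly that). */

/* Pattern to avoid: the displacement is computed and stored in a 32-bit type.
 * When target and stub are more than 2 GiB apart the value is silently
 * truncated and the emitted branch lands somewhere else. */
static int32_t disp_truncating(uint64_t f, uint64_t stub_va, size_t off,
                               size_t insn_len)
{
    return (int32_t)(uint32_t)(f - (stub_va + off + insn_len));
}

/* Hardened pattern: do the subtraction at address width (modular, well defined
 * for unsigned types), then refuse to encode anything rel32 cannot represent. */
static bool disp_checked(uint64_t f, uint64_t stub_va, size_t off,
                         size_t insn_len, int32_t *out)
{
    uint64_t next_ip = stub_va + off + insn_len; /* address after the call */
    uint64_t d = f - next_ip;                    /* two's-complement difference */

    /* d fits in int32 iff bits 63..31 are all equal to bit 31:
     * either all zero (0 <= d < 2^31) or all one (-2^31 <= d < 0). */
    uint64_t hi = d >> 31;
    if (hi != 0 && hi != 0x1ffffffffULL)
        return false;

    /* Convert the low 32 bits to a signed value without relying on
     * implementation-defined unsigned-to-signed conversion. */
    uint32_t lo = (uint32_t)d;
    *out = (lo <= (uint32_t)INT32_MAX) ? (int32_t)lo
                                       : -(int32_t)(UINT32_MAX - lo) - 1;
    return true;
}

int main(void)
{
    /* Constructed addresses: a stub and a target 16 GiB away. */
    uint64_t stub_va = 0x0000000100000000ULL;
    uint64_t f       = 0x0000000500000000ULL;
    int32_t d;

    printf("truncating: %d\n", disp_truncating(f, stub_va, 0, 5));
    if (!disp_checked(f, stub_va, 0, 5, &d))
        printf("checked: target out of rel32 range, refusing to encode\n");
    else
        printf("checked: %d\n", d);
    return 0;
}
```

The truncating variant returns -5 for a target that is actually 16 GiB ahead, which is exactly the kind of wrong-but-plausible displacement that an unchecked narrowing produces; the checked variant reports the failure instead of emitting it.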