From 4f76b3d9bb1a5b16166217b46a5f50b3a7c2f5a8 Mon Sep 17 00:00:00 2001 From: Bin Meng Date: Wed, 19 Oct 2022 18:20:13 +0800 Subject: util/main-loop: Fix maximum number of wait objects for win32 The maximum number of wait objects for win32 should be MAXIMUM_WAIT_OBJECTS, not MAXIMUM_WAIT_OBJECTS + 1. Signed-off-by: Bin Meng Message-Id: <20221019102015.2441622-1-bmeng.cn@gmail.com> Signed-off-by: Paolo Bonzini --- util/main-loop.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'util/main-loop.c') diff --git a/util/main-loop.c b/util/main-loop.c index f00a25451b..de38876064 100644 --- a/util/main-loop.c +++ b/util/main-loop.c @@ -363,10 +363,10 @@ void qemu_del_polling_cb(PollingFunc *func, void *opaque) /* Wait objects support */ typedef struct WaitObjects { int num; - int revents[MAXIMUM_WAIT_OBJECTS + 1]; - HANDLE events[MAXIMUM_WAIT_OBJECTS + 1]; - WaitObjectFunc *func[MAXIMUM_WAIT_OBJECTS + 1]; - void *opaque[MAXIMUM_WAIT_OBJECTS + 1]; + int revents[MAXIMUM_WAIT_OBJECTS]; + HANDLE events[MAXIMUM_WAIT_OBJECTS]; + WaitObjectFunc *func[MAXIMUM_WAIT_OBJECTS]; + void *opaque[MAXIMUM_WAIT_OBJECTS]; } WaitObjects; static WaitObjects wait_objects = {0}; @@ -395,7 +395,7 @@ void qemu_del_wait_object(HANDLE handle, WaitObjectFunc *func, void *opaque) if (w->events[i] == handle) { found = 1; } - if (found) { + if (found && i < (MAXIMUM_WAIT_OBJECTS - 1)) { w->events[i] = w->events[i + 1]; w->func[i] = w->func[i + 1]; w->opaque[i] = w->opaque[i + 1]; -- cgit 1.4.1 From d393b0a176068c41cc08f41c245721ed9ca91d30 Mon Sep 17 00:00:00 2001 From: Bin Meng Date: Wed, 19 Oct 2022 18:20:14 +0800 Subject: util/main-loop: Avoid adding the same HANDLE twice Fix the logic in qemu_add_wait_object() to avoid adding the same HANDLE twice, as the behavior is undefined when passing an array that contains same HANDLEs to WaitForMultipleObjects() API. Signed-off-by: Bin Meng Message-Id: <20221019102015.2441622-2-bmeng.cn@gmail.com> Signed-off-by: Paolo Bonzini --- include/qemu/main-loop.h | 2 ++ util/main-loop.c | 10 ++++++++++ 2 files changed, 12 insertions(+) (limited to 'util/main-loop.c') diff --git a/include/qemu/main-loop.h b/include/qemu/main-loop.h index aac707d073..3c9a9a982d 100644 --- a/include/qemu/main-loop.h +++ b/include/qemu/main-loop.h @@ -157,6 +157,8 @@ typedef void WaitObjectFunc(void *opaque); * in the main loop's calls to WaitForMultipleObjects. When the handle * is in a signaled state, QEMU will call @func. * + * If the same HANDLE is added twice, this function returns -1. + * * @handle: The Windows handle to be observed. * @func: A function to be called when @handle is in a signaled state. * @opaque: A pointer-size value that is passed to @func. diff --git a/util/main-loop.c b/util/main-loop.c index de38876064..10fa74c6e3 100644 --- a/util/main-loop.c +++ b/util/main-loop.c @@ -373,10 +373,20 @@ static WaitObjects wait_objects = {0}; int qemu_add_wait_object(HANDLE handle, WaitObjectFunc *func, void *opaque) { + int i; WaitObjects *w = &wait_objects; + if (w->num >= MAXIMUM_WAIT_OBJECTS) { return -1; } + + for (i = 0; i < w->num; i++) { + /* check if the same handle is added twice */ + if (w->events[i] == handle) { + return -1; + } + } + w->events[w->num] = handle; w->func[w->num] = func; w->opaque[w->num] = opaque; -- cgit 1.4.1