From 97679527bf2f002225d08cfb93f840cef449ac0e Mon Sep 17 00:00:00 2001
From: Avi Kivity <avi@redhat.com>
Date: Sun, 9 May 2010 14:51:13 +0300
Subject: [PATCH] Fix overflow in i440fx_init()

The ram_size parameter can be larger than an int, so it may be truncated.

Fix by using the correct type.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
---
 hw/pc.h       | 2 +-
 hw/piix_pci.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/pc.h b/hw/pc.h
index 73cccefff7..0e52933eeb 100644
--- a/hw/pc.h
+++ b/hw/pc.h
@@ -135,7 +135,7 @@ int pcspk_audio_init(qemu_irq *pic);
 struct PCII440FXState;
 typedef struct PCII440FXState PCII440FXState;
 
-PCIBus *i440fx_init(PCII440FXState **pi440fx_state, int *piix_devfn, qemu_irq *pic, int ram_size);
+PCIBus *i440fx_init(PCII440FXState **pi440fx_state, int *piix_devfn, qemu_irq *pic, ram_addr_t ram_size);
 void i440fx_init_memory_mappings(PCII440FXState *d);
 
 /* piix4.c */
diff --git a/hw/piix_pci.c b/hw/piix_pci.c
index aff7f6d467..d14d05e1f8 100644
--- a/hw/piix_pci.c
+++ b/hw/piix_pci.c
@@ -216,7 +216,7 @@ static int i440fx_initfn(PCIDevice *dev)
     return 0;
 }
 
-PCIBus *i440fx_init(PCII440FXState **pi440fx_state, int *piix3_devfn, qemu_irq *pic, int ram_size)
+PCIBus *i440fx_init(PCII440FXState **pi440fx_state, int *piix3_devfn, qemu_irq *pic, ram_addr_t ram_size)
 {
     DeviceState *dev;
     PCIBus *b;