)]}'
{
  "commit": "37d2bcbc2a4e9c2e9061bec72a32c7e49b9f81ec",
  "tree": "b622e7bf0ab92ad37f2508cdb66c912a2fc61c27",
  "parents": [
    "62bdb8871512076841f4464f7e26efdc7783f78d"
  ],
  "author": {
    "name": "Akihiko Odaki",
    "email": "akihiko.odaki@daynix.com",
    "time": "Tue Jan 31 12:00:37 2023 +0900"
  },
  "committer": {
    "name": "Michael S. Tsirkin",
    "email": "mst@redhat.com",
    "time": "Thu Mar 02 03:10:47 2023 -0500"
  },
  "message": "hw/timer/hpet: Fix expiration time overflow\n\nThe expiration time provided for timer_mod() can overflow if a\nridiculously large value is set to the comparator register. The\nresulting value can represent a past time after rounded, forcing the\ntimer to fire immediately. If the timer is configured as periodic, it\nwill rearm the timer again, and form an endless loop.\n\nCheck if the expiration value will overflow, and if it will, stop the\ntimer instead of rearming the timer with the overflowed time.\n\nThis bug was found by Alexander Bulekov when fuzzing igb, a new\nnetwork device emulation:\nhttps://patchew.org/QEMU/20230129053316.1071513-1-alxndr@bu.edu/\n\nThe fixed test case is:\nfuzz/crash_2d7036941dcda1ad4380bb8a9174ed0c949bcefd\n\nFixes: 16b29ae180 (\"Add HPET emulation to qemu (Beth Kon)\")\nSigned-off-by: Akihiko Odaki \u003cakihiko.odaki@daynix.com\u003e\nAcked-by: Michael S. Tsirkin \u003cmst@redhat.com\u003e\nMessage-Id: \u003c20230131030037.18856-1-akihiko.odaki@daynix.com\u003e\nReviewed-by: Michael S. Tsirkin \u003cmst@redhat.com\u003e\nSigned-off-by: Michael S. Tsirkin \u003cmst@redhat.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "214d6a0501310cd890b8139ebc846b7a8bc3c1ca",
      "old_mode": 33188,
      "old_path": "hw/timer/hpet.c",
      "new_id": "6998094233a7dbd3d3faa9ad1ea114c330fdc04e",
      "new_mode": 33188,
      "new_path": "hw/timer/hpet.c"
    }
  ]
}
