author | Luke T. Shumaker <lukeshu@lukeshu.com> | 2025-04-22 18:51:59 -0600 |
---|---|---|
committer | Luke T. Shumaker <lukeshu@lukeshu.com> | 2025-05-06 11:53:17 -0600 |
commit | 24e5d0ec1219e2dbb4b9510ef20833092a2b3871 (patch) | |
tree | 01bbcc34c6190fa1c35b2625e9ba1744b1447606 /cmd/sbc_harness/fs_harness_flash_bin.c | |
parent | f09b7435b3a5222597d27238226d23ec0cbd5bd2 (diff) |
wip: Build with -Wconversionlukeshu/safe-conversion
I think this found a real bug in the dhcp packet parser.
I don't think anything called lib9p_str{,n}() with values that could be big
enough, but their bounds-checking was broken.
Diffstat (limited to 'cmd/sbc_harness/fs_harness_flash_bin.c')
-rw-r--r-- | cmd/sbc_harness/fs_harness_flash_bin.c | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/cmd/sbc_harness/fs_harness_flash_bin.c b/cmd/sbc_harness/fs_harness_flash_bin.c
index f353ddd..4ca1d04 100644
--- a/cmd/sbc_harness/fs_harness_flash_bin.c
+++ b/cmd/sbc_harness/fs_harness_flash_bin.c
@@ -222,17 +222,19 @@ static void flash_file_iofree(struct flash_file *self) {
 }
 static void flash_file_pread(struct flash_file *self, struct lib9p_srv_ctx *ctx,
- uint32_t byte_count, uint64_t byte_offset,
+ uint32_t byte_count, uint64_t _byte_offset,
 struct iovec *ret) {
 assert(self);
 assert(ctx);
 assert(ret);
- if (byte_offset > DATA_SIZE) {
+ if (_byte_offset > DATA_SIZE) {
 lib9p_error(&ctx->basectx, LIB9P_ERRNO_L_EINVAL, "offset is past the chip size");
 return;
 }
+ static_assert(DATA_SIZE < SIZE_MAX);
+ size_t byte_offset = LM_SAFEDOWNCAST(size_t, _byte_offset);
 /* Assume that somewhere down the line the iovec we return
 * will be passed to DMA. We don't want the DMA engine to hit
@@ -270,22 +272,24 @@ static void flash_file_pread(struct flash_file *self, struct lib9p_srv_ctx *ctx,
 static uint32_t flash_file_pwrite(struct flash_file *self, struct lib9p_srv_ctx *ctx,
 void *buf, uint32_t byte_count,
- uint64_t byte_offset) {
+ uint64_t _byte_offset) {
 assert(self);
 assert(ctx);
- if (byte_offset > DATA_HSIZE) {
+ if (_byte_offset > DATA_HSIZE) {
 lib9p_error(&ctx->basectx, LIB9P_ERRNO_L_EINVAL, "offset is past half the chip size");
 return 0;
 }
 if (byte_count == 0) return 0;
- if (byte_offset == DATA_HSIZE) {
+ if (_byte_offset == DATA_HSIZE) {
 lib9p_error(&ctx->basectx, LIB9P_ERRNO_L_EINVAL, "offset is at half the chip size");
 return 0;
 }
+ static_assert(DATA_SIZE < SIZE_MAX);
+ size_t byte_offset = LM_SAFEDOWNCAST(size_t, _byte_offset);
 size_t sector_base = LM_ROUND_DOWN(byte_offset, FLASH_SECTOR_SIZE);
 if (byte_offset + byte_count > sector_base + FLASH_SECTOR_SIZE)
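Review bot: The sector-bound check on the last line of the second hunk, `if (byte_offset + byte_count > sector_base + FLASH_SECTOR_SIZE)`, is now evaluated in `size_t` instead of `uint64_t`, so on a 32-bit target a large client-supplied byte_count can wrap the sum and slip past a check that previously could not overflow; flash_file_pwrite continues past the hunk, so I cannot see whether byte_count is bounded earlier. Writing it so nothing can wrap avoids the issue: `if (byte_count > (sector_base + FLASH_SECTOR_SIZE) - byte_offset)` — sector_base is byte_offset rounded down, so the right-hand side stays within (0, FLASH_SECTOR_SIZE] as long as DATA_HSIZE plus one sector still fits in size_t. The same downcast is introduced in flash_file_pread in the first hunk; its later offset arithmetic is outside the hunk and deserves the same look. The single-argument `static_assert(DATA_SIZE < SIZE_MAX);` is C23 or a project macro; if the build is C11, `_Static_assert` with a message string is the portable form, and a short comment such as `/* the downcast below cannot truncate: _byte_offset <= DATA_SIZE here */` would record why the assert sits next to the cast.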