author | Luke T. Shumaker <lukeshu@lukeshu.com> | 2025-04-22 18:51:59 -0600 |
---|---|---|
committer | Luke T. Shumaker <lukeshu@lukeshu.com> | 2025-05-06 11:53:17 -0600 |
commit | 24e5d0ec1219e2dbb4b9510ef20833092a2b3871 (patch) | |
tree | 01bbcc34c6190fa1c35b2625e9ba1744b1447606 /cmd | |
parent | f09b7435b3a5222597d27238226d23ec0cbd5bd2 (diff) |
wip: Build with -Wconversionlukeshu/safe-conversion
I think this found a real bug in the dhcp packet parser.
I don't think anything called lib9p_str{,n}() values that could be big
enough, but their bounds-checking was broken.
Diffstat (limited to 'cmd')
-rw-r--r-- | cmd/sbc_harness/fs_harness_flash_bin.c | 14 | ||||
-rw-r--r-- | cmd/sbc_harness/fs_harness_uptime_txt.c | 6 |
2 files changed, 12 insertions, 8 deletions
diff --git a/cmd/sbc_harness/fs_harness_flash_bin.c b/cmd/sbc_harness/fs_harness_flash_bin.c
index f353ddd..4ca1d04 100644
--- a/cmd/sbc_harness/fs_harness_flash_bin.c
+++ b/cmd/sbc_harness/fs_harness_flash_bin.c
@@ -222,17 +222,19 @@ static void flash_file_iofree(struct flash_file *self) {
 }
 static void flash_file_pread(struct flash_file *self, struct lib9p_srv_ctx *ctx,
- uint32_t byte_count, uint64_t byte_offset,
+ uint32_t byte_count, uint64_t _byte_offset,
 struct iovec *ret) {
 assert(self);
 assert(ctx);
 assert(ret);
- if (byte_offset > DATA_SIZE) {
+ if (_byte_offset > DATA_SIZE) {
 lib9p_error(&ctx->basectx, LIB9P_ERRNO_L_EINVAL,
 "offset is past the chip size");
 return;
 }
+ static_assert(DATA_SIZE < SIZE_MAX);
+ size_t byte_offset = LM_SAFEDOWNCAST(size_t, _byte_offset);
 /* Assume that somewhere down the line the iovec we return
 * will be passed to DMA. We don't want the DMA engine to hit
@@ -270,22 +272,24 @@ static void flash_file_pread(struct flash_file *self, struct lib9p_srv_ctx *ctx,
 static uint32_t flash_file_pwrite(struct flash_file *self, struct lib9p_srv_ctx *ctx,
 void *buf, uint32_t byte_count,
- uint64_t byte_offset) {
+ uint64_t _byte_offset) {
 assert(self);
 assert(ctx);
- if (byte_offset > DATA_HSIZE) {
+ if (_byte_offset > DATA_HSIZE) {
 lib9p_error(&ctx->basectx, LIB9P_ERRNO_L_EINVAL,
 "offset is past half the chip size");
 return 0;
 }
 if (byte_count == 0)
 return 0;
- if (byte_offset == DATA_HSIZE) {
+ if (_byte_offset == DATA_HSIZE) {
 lib9p_error(&ctx->basectx, LIB9P_ERRNO_L_EINVAL,
 "offset is at half the chip size");
 return 0;
 }
+ static_assert(DATA_SIZE < SIZE_MAX);
+ size_t byte_offset = LM_SAFEDOWNCAST(size_t, _byte_offset);
 size_t sector_base = LM_ROUND_DOWN(byte_offset, FLASH_SECTOR_SIZE);
 if (byte_offset + byte_count > sector_base + FLASH_SECTOR_SIZE)
diff --git a/cmd/sbc_harness/fs_harness_uptime_txt.c b/cmd/sbc_harness/fs_harness_uptime_txt.c
index f7b755f..6e65f34 100644
--- a/cmd/sbc_harness/fs_harness_uptime_txt.c
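Review bot: The new `static_assert(DATA_SIZE < SIZE_MAX);` in flash_file_pread carries no message and uses the single-argument form, which only C23 guarantees (C11/C17 `_Static_assert` requires a string, and pre-C23 modes may warn or reject), and a reader gets no hint why the bound matters for the `LM_SAFEDOWNCAST` on the next line. Suggest `static_assert(DATA_SIZE < SIZE_MAX, "checked offset must be narrowable to size_t");`, and since the condition involves only compile-time constants it belongs once at file scope next to DATA_SIZE rather than being repeated in both pread and pwrite (the second hunk repeats it verbatim). The narrowing itself is sound at this point because the preceding `_byte_offset > DATA_SIZE` rejection bounds the value. flash_file_pread's body continues past the hunk, so whether the later arithmetic on the now-size_t byte_offset together with byte_count stays bounded against DATA_SIZE cannot be confirmed from here.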
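Review bot: Narrowing byte_offset to size_t in flash_file_pwrite changes the arithmetic in the context line that follows, `if (byte_offset + byte_count > sector_base + FLASH_SECTOR_SIZE)`: before this patch the sum was evaluated in uint64_t, while on a 32-bit target (size_t of 32 bits) it can now wrap for a byte_count near UINT32_MAX, letting an oversized write pass the sector check with a small wrapped sum. byte_count is caller-supplied, so the comparison is better written so it cannot wrap: `if (byte_count > (sector_base + FLASH_SECTOR_SIZE) - byte_offset)`, which is safe because byte_offset lies in [sector_base, sector_base + FLASH_SECTOR_SIZE) by construction of `LM_ROUND_DOWN`. Whether the 9P layer already caps byte_count at the negotiated message size before this function is reached cannot be seen in this hunk, so treat the rewrite as defense in depth. The function's body continues past the hunk.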
+++ b/cmd/sbc_harness/fs_harness_uptime_txt.c
@@ -120,16 +120,16 @@ static void uptime_fio_pread(struct uptime_fio *self, struct lib9p_srv_ctx *ctx,
 if (byte_offset == 0 || self->buf_len == 0) {
 uint64_t now = LO_CALL(bootclock, get_time_ns);
- self->buf_len = snprintf(self->buf, sizeof(self->buf), "%"PRIu64"ns\n", now);
+ self->buf_len = LM_SAFEDOWNCAST(size_t, snprintf(self->buf, sizeof(self->buf), "%"PRIu64"ns\n", now));
 }
- if (byte_offset > (uint64_t)self->buf_len) {
+ if (byte_offset > self->buf_len) {
 lib9p_error(&ctx->basectx, LIB9P_ERRNO_L_EINVAL,
 "offset is past end-of-file length");
 return;
 }
- size_t beg_off = (size_t)byte_offset;
+ size_t beg_off = LM_SAFEDOWNCAST(size_t, byte_offset);
 size_t end_off = beg_off + (size_t)byte_count;
 if (end_off > self->buf_len)
 end_off = self->buf_len; |
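Review bot: `self->buf_len = LM_SAFEDOWNCAST(size_t, snprintf(...))` guards the sign of the return value (assuming LM_SAFEDOWNCAST rejects a negative int) but not truncation: snprintf returns the length the full output would have had, so if self->buf were ever too small for the widest `"%"PRIu64"ns\n"` rendering (23 characters plus NUL), buf_len would exceed the buffer and the `end_off = self->buf_len` cap at the end of the hunk would let a read run past it. A compile-time check records the assumption the code relies on: `static_assert(sizeof(self->buf) >= sizeof("18446744073709551615ns\n"), "buf must hold the widest uptime line");` placed before the snprintf. The definition of struct uptime_fio and the start of uptime_fio_pread are outside the hunk, so the actual buffer size cannot be confirmed here.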