2 files changed, 12 insertions, 8 deletions

diff --git a/cmd/sbc_harness/fs_harness_flash_bin.c b/cmd/sbc_harness/fs_harness_flash_bin.c
index f353ddd..4ca1d04 100644
--- a/cmd/sbc_harness/fs_harness_flash_bin.c
+++ b/cmd/sbc_harness/fs_harness_flash_bin.c
@@ -222,17 +222,19 @@ static void flash_file_iofree(struct flash_file *self) {
 }
 
 static void flash_file_pread(struct flash_file *self, struct lib9p_srv_ctx *ctx,
-                             uint32_t byte_count, uint64_t byte_offset,
+                             uint32_t byte_count, uint64_t _byte_offset,
                              struct iovec *ret) {
 	assert(self);
 	assert(ctx);
 	assert(ret);
 
-	if (byte_offset > DATA_SIZE) {
+	if (_byte_offset > DATA_SIZE) {
 		lib9p_error(&ctx->basectx,
 		            LIB9P_ERRNO_L_EINVAL, "offset is past the chip size");
 		return;
 	}
+	static_assert(DATA_SIZE < SIZE_MAX);
+	size_t byte_offset = LM_SAFEDOWNCAST(size_t, _byte_offset);
 
 	/* Assume that somewhere down the line the iovec we return
 	 * will be passed to DMA.  We don't want the DMA engine to hit
@@ -270,22 +272,24 @@ static void flash_file_pread(struct flash_file *self, struct lib9p_srv_ctx *ctx,
 static uint32_t flash_file_pwrite(struct flash_file *self, struct lib9p_srv_ctx *ctx,
                                   void *buf,
                                   uint32_t byte_count,
-                                  uint64_t byte_offset) {
+                                  uint64_t _byte_offset) {
 	assert(self);
 	assert(ctx);
 
-	if (byte_offset > DATA_HSIZE) {
+	if (_byte_offset > DATA_HSIZE) {
 		lib9p_error(&ctx->basectx,
 		            LIB9P_ERRNO_L_EINVAL, "offset is past half the chip size");
 		return 0;
 	}
 	if (byte_count == 0)
 		return 0;
-	if (byte_offset == DATA_HSIZE) {
+	if (_byte_offset == DATA_HSIZE) {
 		lib9p_error(&ctx->basectx,
 		            LIB9P_ERRNO_L_EINVAL, "offset is at half the chip size");
 		return 0;
 	}
+	static_assert(DATA_SIZE < SIZE_MAX);
+	size_t byte_offset = LM_SAFEDOWNCAST(size_t, _byte_offset);
 
 	size_t sector_base = LM_ROUND_DOWN(byte_offset, FLASH_SECTOR_SIZE);
 	if (byte_offset + byte_count > sector_base + FLASH_SECTOR_SIZE)
diff --git a/cmd/sbc_harness/fs_harness_uptime_txt.c b/cmd/sbc_harness/fs_harness_uptime_txt.c
index f7b755f..6e65f34 100644
--- a/cmd/sbc_harness/fs_harness_uptime_txt.c
+++ b/cmd/sbc_harness/fs_harness_uptime_txt.c
@@ -120,16 +120,16 @@ static void uptime_fio_pread(struct uptime_fio *self, struct lib9p_srv_ctx *ctx,
 
 	if (byte_offset == 0 || self->buf_len == 0) {
 		uint64_t now = LO_CALL(bootclock, get_time_ns);
-		self->buf_len = snprintf(self->buf, sizeof(self->buf), "%"PRIu64"ns\n", now);
+		self->buf_len = LM_SAFEDOWNCAST(size_t, snprintf(self->buf, sizeof(self->buf), "%"PRIu64"ns\n", now));
 	}
 
-	if (byte_offset > (uint64_t)self->buf_len) {
+	if (byte_offset > self->buf_len) {
 		lib9p_error(&ctx->basectx,
 		            LIB9P_ERRNO_L_EINVAL, "offset is past end-of-file length");
 		return;
 	}
 
-	size_t beg_off = (size_t)byte_offset;
+	size_t beg_off = LM_SAFEDOWNCAST(size_t, byte_offset);
 	size_t end_off = beg_off + (size_t)byte_count;
 	if (end_off > self->buf_len)
 		end_off = self->buf_len;