diff options
| author | Philippe Mathieu-Daudé <philmd@linaro.org> | 2025-07-31 13:55:25 +0200 |
|---|---|---|
| committer | Philippe Mathieu-Daudé <philmd@linaro.org> | 2025-08-05 16:05:56 +0200 |
| commit | b82e7a2a1da5638c4c51fcf5a254b65762080b85 (patch) | |
| tree | 8035e0e041a5c64a9bfdfdcaa06dc56bca81f688 /hw/sd/bcm2835_sdhost.c | |
| parent | 3025ea65bd515196e871adc8959336c51b9d27bc (diff) | |
| download | focaccia-qemu-b82e7a2a1da5638c4c51fcf5a254b65762080b85.tar.gz focaccia-qemu-b82e7a2a1da5638c4c51fcf5a254b65762080b85.zip | |
hw/sd/sdbus: Provide buffer size to sdbus_do_command()
We provide to sdbus_do_command() a pointer to a buffer to be filled with a varying number of bytes. By not providing the buffer size, the callee can not check the buffer is big enough. Pass the buffer size as argument to follow good practices. sdbus_do_command() doesn't return any error, only the size filled in the buffer. Convert the returned type to unsigned and remove the few unreachable lines in callers. This allow to check for possible overflow in sd_do_command(). Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20250804133406.17456-4-philmd@linaro.org>
Diffstat (limited to 'hw/sd/bcm2835_sdhost.c')
| -rw-r--r-- | hw/sd/bcm2835_sdhost.c | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/hw/sd/bcm2835_sdhost.c b/hw/sd/bcm2835_sdhost.c index 29debdf59e..f7cef7bb1c 100644 --- a/hw/sd/bcm2835_sdhost.c +++ b/hw/sd/bcm2835_sdhost.c @@ -113,15 +113,12 @@ static void bcm2835_sdhost_send_command(BCM2835SDHostState *s) { SDRequest request; uint8_t rsp[16]; - int rlen; + size_t rlen; request.cmd = s->cmd & SDCMD_CMD_MASK; request.arg = s->cmdarg; - rlen = sdbus_do_command(&s->sdbus, &request, rsp); - if (rlen < 0) { - goto error; - } + rlen = sdbus_do_command(&s->sdbus, &request, rsp, sizeof(rsp)); if (!(s->cmd & SDCMD_NO_RESPONSE)) { if (rlen == 0 || (rlen == 4 && (s->cmd & SDCMD_LONG_RESPONSE))) { goto error; |