diff options
| author | Philippe Mathieu-Daudé <philmd@linaro.org> | 2025-07-31 13:55:25 +0200 |
|---|---|---|
| committer | Philippe Mathieu-Daudé <philmd@linaro.org> | 2025-08-05 16:05:56 +0200 |
| commit | b82e7a2a1da5638c4c51fcf5a254b65762080b85 (patch) | |
| tree | 8035e0e041a5c64a9bfdfdcaa06dc56bca81f688 /hw/sd/sd.c | |
| parent | 3025ea65bd515196e871adc8959336c51b9d27bc (diff) | |
| download | focaccia-qemu-b82e7a2a1da5638c4c51fcf5a254b65762080b85.tar.gz focaccia-qemu-b82e7a2a1da5638c4c51fcf5a254b65762080b85.zip | |
hw/sd/sdbus: Provide buffer size to sdbus_do_command()
We provide to sdbus_do_command() a pointer to a buffer to be filled with a varying number of bytes. By not providing the buffer size, the callee can not check the buffer is big enough. Pass the buffer size as argument to follow good practices. sdbus_do_command() doesn't return any error, only the size filled in the buffer. Convert the returned type to unsigned and remove the few unreachable lines in callers. This allow to check for possible overflow in sd_do_command(). Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20250804133406.17456-4-philmd@linaro.org>
Diffstat (limited to 'hw/sd/sd.c')
| -rw-r--r-- | hw/sd/sd.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/hw/sd/sd.c b/hw/sd/sd.c index 76ce54664f..069107a2e7 100644 --- a/hw/sd/sd.c +++ b/hw/sd/sd.c @@ -2166,8 +2166,9 @@ static bool cmd_valid_while_locked(SDState *sd, unsigned cmd) return cmd_class == 0 || cmd_class == 7; } -static int sd_do_command(SDState *sd, SDRequest *req, - uint8_t *response) { +static size_t sd_do_command(SDState *sd, SDRequest *req, + uint8_t *response, size_t respsz) +{ int last_state; sd_rsp_type_t rtype; int rsplen; @@ -2231,6 +2232,7 @@ static int sd_do_command(SDState *sd, SDRequest *req, send_response: rsplen = sd_response_size(sd, rtype); + assert(rsplen <= respsz); switch (rtype) { case sd_r1: |