From b82e7a2a1da5638c4c51fcf5a254b65762080b85 Mon Sep 17 00:00:00 2001 From: Philippe Mathieu-Daudé Date: Thu, 31 Jul 2025 13:55:25 +0200 Subject: hw/sd/sdbus: Provide buffer size to sdbus_do_command() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We provide to sdbus_do_command() a pointer to a buffer to be filled with a varying number of bytes. By not providing the buffer size, the callee can not check the buffer is big enough. Pass the buffer size as argument to follow good practices. sdbus_do_command() doesn't return any error, only the size filled in the buffer. Convert the returned type to unsigned and remove the few unreachable lines in callers. This allow to check for possible overflow in sd_do_command(). Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Richard Henderson Message-Id: <20250804133406.17456-4-philmd@linaro.org> --- hw/sd/omap_mmc.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'hw/sd/omap_mmc.c') diff --git a/hw/sd/omap_mmc.c b/hw/sd/omap_mmc.c index b7648d41cc..5a1d25defa 100644 --- a/hw/sd/omap_mmc.c +++ b/hw/sd/omap_mmc.c @@ -130,7 +130,8 @@ static void omap_mmc_command(OMAPMMCState *host, int cmd, int dir, sd_rsp_type_t resptype, int init) { uint32_t rspstatus, mask; - int rsplen, timeout; + size_t rsplen; + int timeout; SDRequest request; uint8_t response[16]; @@ -157,7 +158,7 @@ static void omap_mmc_command(OMAPMMCState *host, int cmd, int dir, request.arg = host->arg; request.crc = 0; /* FIXME */ - rsplen = sdbus_do_command(&host->sdbus, &request, response); + rsplen = sdbus_do_command(&host->sdbus, &request, response, sizeof(response)); /* TODO: validate CRCs */ switch (resptype) { -- cgit 1.4.1