qemu-s390x
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[qemu-s390x] [PATCH v3 23/25] hw/ipmi: Assert outlen > outpos


From: Philippe Mathieu-Daudé
Subject: [qemu-s390x] [PATCH v3 23/25] hw/ipmi: Assert outlen > outpos
Date: Wed, 20 Feb 2019 02:02:30 +0100

A througfull audit show that all time data is added to outbuf[],
'outlen' is incremented. Then at creation and each time
continue_send() returns it pass thru check_reset which resets
'outpos', thus we always have 'outlen >= outpos'.
Also due to the check on entry, we know outlen != 0.
We can then add an assertion on 'outlen > outpos', which will
helps the next patch to safely convert 'outlen - outpos' as an
unsigned type (size_t).

Make this assertion explicit by casting 'outlen - outpos' size_t.

Signed-off-by: Philippe Mathieu-Daudé <address@hidden>
---
 hw/ipmi/ipmi_bmc_extern.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/ipmi/ipmi_bmc_extern.c b/hw/ipmi/ipmi_bmc_extern.c
index bf0b7ee0f5..ca61b04942 100644
--- a/hw/ipmi/ipmi_bmc_extern.c
+++ b/hw/ipmi/ipmi_bmc_extern.c
@@ -107,8 +107,9 @@ static void continue_send(IPMIBmcExtern *ibe)
         goto check_reset;
     }
  send:
+    assert(ibe->outlen > ibe->outpos);
     ret = qemu_chr_fe_write(&ibe->chr, ibe->outbuf + ibe->outpos,
-                            ibe->outlen - ibe->outpos);
+                            (size_t)(ibe->outlen - ibe->outpos));
     if (ret > 0) {
         ibe->outpos += ret;
     }
-- 
2.20.1




reply via email to

[Prev in Thread] Current Thread [Next in Thread]