[Qemu-devel] [PATCH v3 10/25] usb-redir: Verify usbredirparser_write get called with positive count

Philippe Mathieu-Daudé posted 25 patches 6 years, 8 months ago
Maintainers: Anthony Perard <anthony.perard@citrix.com>, Li Zhijian <lizhijian@cn.fujitsu.com>, Jason Wang <jasowang@redhat.com>, Cornelia Huck <cohuck@redhat.com>, Amit Shah <amit@kernel.org>, "Michael S. Tsirkin" <mst@redhat.com>, Paul Durrant <paul.durrant@citrix.com>, Halil Pasic <pasic@linux.ibm.com>, Christian Borntraeger <borntraeger@de.ibm.com>, David Gibson <david@gibson.dropbear.id.au>, Zhang Chen <zhangckid@gmail.com>, Corey Minyard <minyard@acm.org>, Gerd Hoffmann <kraxel@redhat.com>, Stefano Stabellini <sstabellini@kernel.org>, Paolo Bonzini <pbonzini@redhat.com>, Stefan Berger <stefanb@linux.ibm.com>, Samuel Thibault <samuel.thibault@ens-lyon.org>, "Marc-André Lureau" <marcandre.lureau@redhat.com>, Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Posted by Philippe Mathieu-Daudé 6 years, 8 months ago
The usbredirparser_write handler should never be called with a negative
size payload, return an error if this is not the case.
Now that we are sure the 'count' value is positive, make it obvious by
casting it to a size_t.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 hw/usb/redirect.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
index 18a42d1938..131eae2e7e 100644
--- a/hw/usb/redirect.c
+++ b/hw/usb/redirect.c
@@ -285,7 +285,11 @@ static int usbredir_write(void *priv, uint8_t *data, int count)
         return 0;
     }
 
-    r = qemu_chr_fe_write(&dev->cs, data, count);
+    if (count < 0) {
+        ERROR("Illegal write count: %i\n", count);
+        return 0;
+    }
+    r = qemu_chr_fe_write(&dev->cs, data, (size_t)count);
     if (r < count) {
         if (!dev->watch) {
             dev->watch = qemu_chr_fe_add_watch(&dev->cs, G_IO_OUT | G_IO_HUP,
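Review bot: In the new `if (count < 0)` branch, `return 0;` does not match the commit message, which says to return an error. It is the same value as the early `return 0;` in the context lines just above the check, so the caller cannot tell a rejected count from that existing path. Consider returning a negative value there, or reword the commit message if reporting zero bytes written is the intended behaviour. The check also admits `count == 0`, while the subject says "positive count"; "non-negative" describes what is actually enforced. Finally, `r < count` on the following context line still compares against the signed `count`, so the `(size_t)` cast documents intent at the call site only.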
-- 
2.20.1


Re: [Qemu-devel] [PATCH v3 10/25] usb-redir: Verify usbredirparser_write get called with positive count
Posted by Gerd Hoffmann 6 years, 8 months ago
On Wed, Feb 20, 2019 at 02:02:17AM +0100, Philippe Mathieu-Daudé wrote:
> The usbredirparser_write handler should never be called with a negative
> size payload, return an error if this is not the case.
> Now that we are sure the 'count' value is positive, make it obvious by
> casting it to a size_t.

Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>