On 11/01/2022 15:12, Juergen Gross wrote:
> +static int savefile_write(int fd, const void *buf, size_t nbytes)
> +{
> +    int ret = 0, tot = nbytes;
> +    struct file *file = get_file_from_fd(fd);
> +
> +    while ( nbytes > 0 )
> +    {
> +        ret = xencons_ring_send(file->dev, (char *)buf, nbytes);
> +        nbytes -= ret;
> +        buf = (char *)buf + ret;
> +    }
> +
> +    return tot - nbytes;
> +}
> +
> +static int console_write(int fd, const void *buf, size_t nbytes)
> +{
> +    struct file *file = get_file_from_fd(fd);
> +
> +    console_print(file->dev, (char *)buf, nbytes);
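Review bot: in savefile_write() the loop only terminates once nbytes reaches 0, so `return tot - nbytes;` can only ever return tot, and a 0 return from xencons_ring_send() (no ring space) makes the loop spin forever; break out when ret == 0 so the partial count the return expression implies is actually possible. Also `int ret = 0, tot = nbytes;` narrows the size_t argument to int and the function returns int, so a large write is misreported. Neither function checks whether get_file_from_fd() returned NULL before dereferencing file->dev; if it can fail, both need a check.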

I've just noticed this while committing the previous series, and I know
it is a preexisting bug, but the casts here are utterly unsafe, because
they're casting away constness.

console_print() is easy to fix, and just requires a prototype
adjustment.  That said, it also desperately needs to fix 'int
length' to size_t to avoid problems with negative length VLAs on the stack.

xencons_ring_send() already takes const char *, so I'm pretty sure you
can just drop the casts here.  It too ought to not truncate size_t bytes
to "unsigned".

~Andrew
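As an added example (not code from the patch or from Mini-OS) of the shape these comments point to: a console_print() that takes const char * and size_t, stages its output through a fixed-size stack chunk instead of a VLA sized from an int, and a send loop that stops when the ring accepts nothing instead of spinning. The ring sink, its 64-byte capacity and the \n to \r\n expansion are constructed stand-ins for xencons_ring_send(), not its real behaviour.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical sink standing in for xencons_ring_send(): appends into a
 * capture buffer so the result can be inspected. Like a ring it may accept
 * fewer bytes than asked for, and returns 0 once it is full (constructed). */
#define CAPTURE_CAP 64
static char capture[CAPTURE_CAP];
static size_t capture_len;

static size_t ring_send(const char *data, size_t len)
{
    size_t room = CAPTURE_CAP - capture_len;
    if (len > room)
        len = room;
    memcpy(capture + capture_len, data, len);
    capture_len += len;
    return len;
}

static void capture_reset(void)
{
    capture_len = 0;
    memset(capture, 0, sizeof capture);
}

/* The savefile_write() loop done right: const is preserved, the counter is
 * size_t, and a 0 return from the ring ends the loop with a short count
 * instead of spinning forever. */
static size_t send_all(const char *buf, size_t nbytes)
{
    size_t done = 0;
    while (done < nbytes) {
        size_t n = ring_send(buf + done, nbytes - done);
        if (n == 0)
            break;
        done += n;
    }
    return done;
}

/* Const-correct console_print() with a size_t length. Instead of a
 * char copied_str[length + 1] VLA, whose size goes negative when an int
 * length is derived from a large size_t, the \n -> \r\n expansion (assumed
 * here) is staged through a fixed 32-byte chunk that is flushed whenever it
 * would overflow, so the stack cost is bounded for any input length.
 * Returns the number of bytes the ring actually accepted. */
static size_t console_print_fixed(const char *data, size_t length)
{
    char chunk[32];
    size_t used = 0, sent = 0;

    for (size_t i = 0; i < length; i++) {
        size_t need = (data[i] == '\n') ? 2 : 1;
        if (used + need > sizeof chunk) {
            size_t n = send_all(chunk, used);
            sent += n;
            if (n < used)     /* ring stopped accepting: report short write */
                return sent;
            used = 0;
        }
        if (data[i] == '\n')
            chunk[used++] = '\r';
        chunk[used++] = data[i];
    }
    sent += send_all(chunk, used);
    return sent;
}

/* Helper for exercising long inputs: prints n copies of c (n capped at 256)
 * and returns the number of bytes the ring accepted. */
static size_t print_repeated(char c, size_t n)
{
    char buf[256];
    if (n > sizeof buf)
        n = sizeof buf;
    memset(buf, c, n);
    return console_print_fixed(buf, n);
}

int main(void)
{
    capture_reset();
    size_t sent = console_print_fixed("ab\ncd\n", 6);
    printf("sent %zu bytes: %.*s", sent, (int)capture_len, capture);
    capture_reset();
    printf("100 bytes into a full ring: %zu accepted\n", print_repeated('y', 100));
    return 0;
}
```

The short-write path matters for the ring case: once ring_send() returns 0, both send_all() and console_print_fixed() return how much was actually delivered rather than looping, which is also what a caller of savefile_write() would need in order to retry later.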
