The documentation comment for qemu_semihosting_console_write() says
* Returns: number of bytes written -- this should only ever be short
* on some sort of i/o error.
and the callsites rely on this. However, the implementation code
path which sends console output to a chardev doesn't honour this,
and will return negative values on error. Bring it into line with
the other implementation codepaths and the documentation, so that
it returns 0 on error.
Spotted by Coverity, because console_write() passes the return value
to unlock_user(), which doesn't accept a negative length.
Resolves: Coverity CID 1490288
Signed-off-by: Peter Maydell
---
console_write() doesn't need to pass the length to unlock_user()
at all, as it happens -- see the next patch.
---
semihosting/console.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/semihosting/console.c b/semihosting/console.c
index 5b1ec0a1c39..0f976fe8cb1 100644
--- a/semihosting/console.c
+++ b/semihosting/console.c
@@ -111,7 +111,8 @@ int qemu_semihosting_console_read(CPUState *cs, void *buf,
int len)
int qemu_semihosting_console_write(void *buf, int len)
{
if (console.chr) {
-return qemu_chr_write_all(console.chr, (uint8_t *)buf, len);
+int r = qemu_chr_write_all(console.chr, (uint8_t *)buf, len);
+return r < 0 ? 0 : r;
} else {
return fwrite(buf, 1, len, stderr);
}
--
2.25.1
