hw/block/pflash_cfi01: Don't decrement pfl->counter below 0

In pflash_write() Coverity points out that we can decrement the unsigned pfl->counter below zero, which makes it wrap around. In fact this is harmless, because if pfl->counter is 0 at this point we also increment pfl->wcycle to 3, and the wcycle == 3 handling doesn't look at counter; the only way back into code which looks at the counter value is via wcycle == 1, which will reinitialize the counter. But it's arguably a little clearer to break early in the "counter == 0" if(), to avoid the decrement-below-zero. Resolves: Coverity CID 1547611 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Message-ID: <20240731143617.3391947-4-peter.maydell@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
author: Peter Maydell <peter.maydell@linaro.org> 2024-07-31 15:36:13 +0100
committer: Philippe Mathieu-Daudé <philmd@linaro.org> 2024-08-06 10:22:52 +0200
commit: 8f64e7449e474e18017eb1414bc13e491edd8596 (patch)
tree: 492f4c3d66289cfa76a953e74f36a3869e3679ea /hw/block/pflash_cfi01.c
parent: ed5a159c3de48a581f46de4c8c02b4b295e6c52d (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/hw/block/pflash_cfi01.c b/hw/block/pflash_cfi01.c
index c8f1cf5a87..2f3d1dd509 100644
--- a/hw/block/pflash_cfi01.c
+++ b/hw/block/pflash_cfi01.c
@@ -614,6 +614,7 @@ static void pflash_write(PFlashCFI01 *pfl, hwaddr offset,
             if (!pfl->counter) {
                 trace_pflash_write(pfl->name, "block write finished");
                 pfl->wcycle++;
+                break;
             }
 
             pfl->counter--;
author	Peter Maydell <peter.maydell@linaro.org>	2024-07-31 15:36:13 +0100
committer	Philippe Mathieu-Daudé <philmd@linaro.org>	2024-08-06 10:22:52 +0200
commit	8f64e7449e474e18017eb1414bc13e491edd8596 (patch)
tree	492f4c3d66289cfa76a953e74f36a3869e3679ea /hw/block/pflash_cfi01.c
parent	ed5a159c3de48a581f46de4c8c02b4b295e6c52d (diff)