descriptor_utils: check for size overflow in new()

Move the check for length overflow that was in available_bytes() into
Reader::new() and Writer::new().  This simplifies callers, since they
can assume that once a valid Reader or Writer has been constructed,
available_bytes() cannot fail.  Since we are walking the descriptor
chain during new() anyway, this extra check should be essentially free.

BUG=None
TEST=cargo test -p devices descriptor_utils

Change-Id: Ibeb1defd3728e7b71356650094b0885f3419ed47
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1873142
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Stephen Barber <smbarber@chromium.org>

1 files changed, 2 insertions, 2 deletions

diff --git a/devices/src/virtio/tpm.rs b/devices/src/virtio/tpm.rs
index 2267fed..f5637d3 100644
--- a/devices/src/virtio/tpm.rs
+++ b/devices/src/virtio/tpm.rs
@@ -54,7 +54,7 @@ impl Device {
         let mut reader = Reader::new(mem, desc.clone()).map_err(Error::Descriptor)?;
         let mut writer = Writer::new(mem, desc).map_err(Error::Descriptor)?;
 
-        let available_bytes = reader.available_bytes().map_err(Error::Descriptor)?;
+        let available_bytes = reader.available_bytes();
         if available_bytes > TPM_BUFSIZE {
             return Err(Error::CommandTooLong {
                 size: available_bytes,
@@ -72,7 +72,7 @@ impl Device {
             });
         }
 
-        let writer_len = writer.available_bytes().map_err(Error::Descriptor)?;
+        let writer_len = writer.available_bytes();
         if response.len() > writer_len {
             return Err(Error::BufferTooSmall {
                 size: writer_len,