RepoMirrors/mars
1
0
Fork 0
mirror of https://github.com/schoebel/mars synced 2025-03-06 21:37:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

copy: safeguard ref_len

Browse Source
This commit is contained in:
Thomas Schoebel-Theuer 2022-07-12 19:55:25 +02:00
parent b6a5ee3227
commit 1e551e624b
1 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
kernel/mars_copy.c
View File

@ -326,6 +326,7 @@ int _make_mref(struct copy_brick *brick,
unsigned offset; unsigned offset;
unsigned max_len; unsigned max_len;
unsigned len; unsigned len;
int ref_len;
int status = -EAGAIN; int status = -EAGAIN;
/* Does it make sense to create a new mref right here? */ /* Does it make sense to create a new mref right here? */
@ -416,12 +417,15 @@ int _make_mref(struct copy_brick *brick,
mars_free_mref(mref); mars_free_mref(mref);
goto done; goto done;
} }
/* in general, mref_get() may deliver a shorter buffer */ /* In general, mref_get() may deliver a shorter buffer,
st->len = len; * and even EOF.
if (mref->ref_len < len) { */
st->len = mref->ref_len; WRITE_ONCE(st->len, len);
ref_len = mref->ref_len;
if (ref_len >= 0 && ref_len < len) {
WRITE_ONCE(st->len, ref_len);
MARS_DBG("shorten len %d < %u at queue=%d index=%u\n", MARS_DBG("shorten len %d < %u at queue=%d index=%u\n",
mref->ref_len, len, queue, index); ref_len, len, queue, index);
} }
SETUP_CALLBACK(mref, copy_endio, mref_a); SETUP_CALLBACK(mref, copy_endio, mref_a);