RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-30 22:18:11 +00:00
Code Issues Activity Actions

Kernel: read() and write() should EOVERFLOW if (offset+size) overflows

Browse source
This commit is contained in:
Andreas Kling 2020-01-12 20:15:53 +01:00
parent 20b2bfcafd
commit 0c44a12247
2 changed files with 25 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
Kernel/FileSystem/FileDescription.cpp
View file

@ -105,6 +105,8 @@ off_t FileDescription::seek(off_t offset, int whence)
ssize_t FileDescription::read(u8* buffer, ssize_t count)
{
LOCKER(m_lock);
if ((m_current_offset + count) < 0)
return -EOVERFLOW;
SmapDisabler disabler;
int nread = m_file->read(*this, buffer, count);
if (nread > 0 && m_file->is_seekable())
@ -115,6 +117,8 @@ ssize_t FileDescription::read(u8* buffer, ssize_t count)
ssize_t FileDescription::write(const u8* data, ssize_t size)
{
LOCKER(m_lock);
if ((m_current_offset + size) < 0)
return -EOVERFLOW;
SmapDisabler disabler;
int nwritten = m_file->write(*this, data, size);
if (nwritten > 0 && m_file->is_seekable())

21
Userland/test_io.cpp
View file

@ -188,6 +188,26 @@ void test_unlink_symlink()
}
}
void test_eoverflow()
{
int fd = open("/tmp/x", O_RDWR);
ASSERT(fd >= 0);
int rc = lseek(fd, INT32_MAX, SEEK_SET);
ASSERT(rc == INT32_MAX);
char buffer[16];
rc = read(fd, buffer, sizeof(buffer));
if (rc >= 0 || errno != EOVERFLOW) {
fprintf(stderr, "Expected EOVERFLOW when trying to read past INT32_MAX\n");
}
rc = write(fd, buffer, sizeof(buffer));
if (rc >= 0 || errno != EOVERFLOW) {
fprintf(stderr, "Expected EOVERFLOW when trying to write past INT32_MAX\n");
}
close(fd);
}
int main(int, char**)
{
int rc;
@ -211,6 +231,7 @@ int main(int, char**)
test_procfs_read_past_end();
test_open_create_device();
test_unlink_symlink();
test_eoverflow();
return 0;
}