
Kernel: Check for off_t overflow in FileDescription::read/write

We were checking for size_t (unsigned) overflow but the current offset
is actually stored as off_t (signed). Fix this, and also fail with
EOVERFLOW correctly.
Andreas Kling 2021-02-03 10:54:35 +01:00
parent 9f05044c50
commit e1236dac3e


@ -165,10 +165,8 @@ off_t FileDescription::seek(off_t offset, int whence)
KResultOr<size_t> FileDescription::read(UserOrKernelBuffer& buffer, size_t count)
{
LOCKER(m_lock);
Checked<size_t> new_offset = m_current_offset;
new_offset += count;
if (new_offset.has_overflow())
return -EOVERFLOW;
if (Checked<off_t>::addition_would_overflow(m_current_offset, count))
return EOVERFLOW;
auto nread_or_error = m_file->read(*this, offset(), buffer, count);
if (!nread_or_error.is_error()) {
if (m_file->is_seekable())
@ -181,10 +179,8 @@ KResultOr<size_t> FileDescription::read(UserOrKernelBuffer& buffer, size_t count
KResultOr<size_t> FileDescription::write(const UserOrKernelBuffer& data, size_t size)
{
LOCKER(m_lock);
Checked<size_t> new_offset = m_current_offset;
new_offset += size;
if (new_offset.has_overflow())
return -EOVERFLOW;
if (Checked<off_t>::addition_would_overflow(m_current_offset, size))
return EOVERFLOW;
auto nwritten_or_error = m_file->write(*this, offset(), data, size);
if (!nwritten_or_error.is_error()) {
if (m_file->is_seekable())
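Review bot: The added guard in read() passes `count` (a size_t) to `Checked<off_t>::addition_would_overflow` together with the signed `m_current_offset`, and write() does the same with `size`; whether a length above the off_t maximum is rejected depends on how that helper handles mixed-signedness operands, which is not visible on this page. If the helper narrows its second operand to off_t before adding, a very large length could become negative and pass the check, so this is worth confirming or making explicit with `if (count > static_cast<size_t>(NumericLimits<off_t>::max())) return EOVERFLOW;` ahead of the addition check. A short comment such as `// m_current_offset is off_t; reject any transfer that would advance it past the off_t maximum` would also record why the check is typed on off_t rather than size_t. Both function bodies continue outside the hunks shown.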