Kernel: Check for off_t overflow in FileDescription::read/write

We were checking for size_t (unsigned) overflow but the current offset is actually stored as off_t (signed). Fix this, and also fail with EOVERFLOW correctly.
2025-07-25 14:37:46 +00:00 · 2021-02-03 10:54:35 +01:00 · 2021-02-03 10:54:35 +01:00 · e1236dac3e
commit e1236dac3e
parent 9f05044c50
1 changed files with 4 additions and 8 deletions
--- a/Kernel/FileSystem/FileDescription.cpp
+++ b/Kernel/FileSystem/FileDescription.cpp
@ -165,10 +165,8 @@ off_t FileDescription::seek(off_t offset, int whence)
 KResultOr<size_t> FileDescription::read(UserOrKernelBuffer& buffer, size_t count)
 {
    LOCKER(m_lock);
-    Checked<size_t> new_offset = m_current_offset;
+    if (Checked<off_t>::addition_would_overflow(m_current_offset, count))
-    new_offset += count;
+        return EOVERFLOW;
    if (new_offset.has_overflow())
        return -EOVERFLOW;
    auto nread_or_error = m_file->read(*this, offset(), buffer, count);
    if (!nread_or_error.is_error()) {
        if (m_file->is_seekable())
@ -181,10 +179,8 @@ KResultOr<size_t> FileDescription::read(UserOrKernelBuffer& buffer, size_t count
 KResultOr<size_t> FileDescription::write(const UserOrKernelBuffer& data, size_t size)
 {
    LOCKER(m_lock);
-    Checked<size_t> new_offset = m_current_offset;
+    if (Checked<off_t>::addition_would_overflow(m_current_offset, size))
-    new_offset += size;
+        return EOVERFLOW;
    if (new_offset.has_overflow())
        return -EOVERFLOW;
    auto nwritten_or_error = m_file->write(*this, offset(), data, size);
    if (!nwritten_or_error.is_error()) {
        if (m_file->is_seekable())