From mboxrd@z Thu Jan 1 00:00:00 1970 From: Tom Rini Date: Mon, 23 Jul 2018 10:09:00 -0400 Subject: [U-Boot] [PATCH] fs: ext4: Prevent erasing buffer past file size In-Reply-To: <20180723094212.3031-1-marex@denx.de> References: <20180723094212.3031-1-marex@denx.de> Message-ID: <20180723140900.GG11755@bill-the-cat> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de On Mon, Jul 23, 2018 at 11:42:12AM +0200, Marek Vasut wrote: > The variable 'n' represents the number of bytes to be read from a certain > offset in a file, to a certain offset in buffer 'buf'. The variable 'len' > represents the length of the entire file, clamped correctly to avoid any > overflows. > > Therefore, comparing 'n' and 'len' to determine whether clearing 'n' > bytes of the buffer 'buf' at a certain offset would clear data past > buffer 'buf' cannot lead to a correct result, since the 'n' does not > contain the offset from the beginning of the file. > > This patch keeps track of the amount of data read and checks for the > buffer overflow by comparing the 'n' to the remaining amount of data > to be read instead. > > Signed-off-by: Marek Vasut > Cc: Ian Ray > Cc: Martyn Welch > Cc: Stefano Babic > Cc: Tom Rini > Fixes: ecdfb4195b20 ("ext4: recover from filesystem corruption when reading") Good catch. Can this problem also be recreated/tested with test/fs/fs-test.sh? Thanks! -- Tom -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: not available URL: