On Mon, Jul 23, 2018 at 11:42:12AM +0200, Marek Vasut wrote: > The variable 'n' represents the number of bytes to be read from a certain > offset in a file, to a certain offset in buffer 'buf'. The variable 'len' > represents the length of the entire file, clamped correctly to avoid any > overflows. > > Therefore, comparing 'n' and 'len' to determine whether clearing 'n' > bytes of the buffer 'buf' at a certain offset would clear data past > buffer 'buf' cannot lead to a correct result, since the 'n' does not > contain the offset from the beginning of the file. > > This patch keeps track of the amount of data read and checks for the > buffer overflow by comparing the 'n' to the remaining amount of data > to be read instead. > > Signed-off-by: Marek Vasut <[email protected]> > Cc: Ian Ray <[email protected]> > Cc: Martyn Welch <[email protected]> > Cc: Stefano Babic <[email protected]> > Cc: Tom Rini <[email protected]> > Fixes: ecdfb4195b20 ("ext4: recover from filesystem corruption when reading")
Good catch. Can this problem also be recreated/tested with test/fs/fs-test.sh? Thanks! -- Tom
signature.asc
Description: PGP signature
_______________________________________________ U-Boot mailing list [email protected] https://lists.denx.de/listinfo/u-boot
