authorSamuel Thibault <samuel.thibault@ens-lyon.org>2016-04-26 23:42:25 +0200
committerSamuel Thibault <samuel.thibault@ens-lyon.org>2016-04-26 23:42:25 +0200
commitf2d22b3bab4de4b20c857bf6f0191fb6c000fd14 (patch)
tree9b01cc0483fcfc1233a80497b3620116dca31171
parentf4d6b646a1aa6f8e489dd3eeae1a188de0b2a070 (diff)
libdiskfs: Reject LFS seeks and read/writes
vm_offset_t (used by pager_memcpy) is not 64bit-ready yet. Reject requests which go further than this. * libdiskfs/io-seek.c (diskfs_S_io_seek): Return EFBIG when requested offset is beyond limits of vm_offset_t. * libdiskfs/rdwr-internal.c (_diskfs_rdwr_internal): Return EFBIG when request goes beyond limits of vm_offset_t.
-rw-r--r--libdiskfs/io-seek.c8
-rw-r--r--libdiskfs/rdwr-internal.c7
2 files changed, 14 insertions, 1 deletions
diff --git a/libdiskfs/io-seek.c b/libdiskfs/io-seek.c
index 9e3ff093..0018a712 100644
--- a/libdiskfs/io-seek.c
+++ b/libdiskfs/io-seek.c
@@ -46,6 +46,14 @@ diskfs_S_io_seek (struct protid *cred,
offset += np->dn_stat.st_size;
case SEEK_SET:
check:
+ /* pager_memcpy inherently uses vm_offset_t, which may be smaller than
+ off_t. */
+ if (sizeof(off_t) > sizeof(vm_offset_t) &&
+ offset > ((off_t) 1) << (sizeof(vm_offset_t) * 8))
+ {
+ err = EFBIG;
+ break;
+ }
if (offset >= 0)
{
*newoffset = cred->po->filepointer = offset;
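Review bot: The new guard under `check:` uses a strict `>`, so an offset exactly equal to `((off_t) 1) << (sizeof(vm_offset_t) * 8)` is still stored in `filepointer`, although that value itself does not fit in a vm_offset_t. If accepting the one-past-the-end position is deliberate, the comment should say so, for example `/* The limit is exclusive: a file pointer equal to it is allowed, but no byte at or beyond it can be transferred. */`; otherwise the comparison should be `>=`. The same limit expression is repeated in libdiskfs/rdwr-internal.c, so a single shared named constant would keep the two checks from drifting apart. The surrounding switch in diskfs_S_io_seek starts and ends outside this hunk.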
diff --git a/libdiskfs/rdwr-internal.c b/libdiskfs/rdwr-internal.c
index 18a4ae1e..0d405517 100644
--- a/libdiskfs/rdwr-internal.c
+++ b/libdiskfs/rdwr-internal.c
@@ -58,7 +58,12 @@ _diskfs_rdwr_internal (struct node *np,
if (memobj == MACH_PORT_NULL)
return errno;
- err = pager_memcpy (diskfs_get_filemap_pager_struct (np), memobj,
+ /* pager_memcpy inherently uses vm_offset_t, which may be smaller than off_t. */
+ if (sizeof(off_t) > sizeof(vm_offset_t) &&
+ offset + *amt > ((off_t) 1) << (sizeof(vm_offset_t) * 8))
+ err = EFBIG;
+ else
+ err = pager_memcpy (diskfs_get_filemap_pager_struct (np), memobj,
offset, data, amt, prot);
if (!diskfs_check_readonly () && !notime)
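Review bot: The guard adds `offset + *amt` before comparing, so a caller-supplied offset near the top of the off_t range can overflow the signed addition (undefined behaviour, in practice a wrap to a negative value). The request would then pass the check and reach pager_memcpy with an offset that is truncated to vm_offset_t, which means the transfer touches the wrong part of the file. Comparing without adding avoids this: `offset > limit || *amt > limit - offset`, with `limit` being `((off_t) 1) << (sizeof(vm_offset_t) * 8)`. This form assumes offset is already known to be non-negative here; the declarations of `offset` and `amt` and any earlier range check are outside the hunk, so that should be confirmed or made explicit in the same condition.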