From 4e1533adc2a37bcd35f54a8ac505a2b4dc1a13db Mon Sep 17 00:00:00 2001
From: Roland McGrath <roland@gnu.org>
Date: Tue, 30 Jan 1996 22:04:27 +0000
Subject: (file_pager_read_page, file_pager_write_page): Check for a page
 offset beyond the allocsize and return EIO.

---
 ext2fs/pager.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/ext2fs/pager.c b/ext2fs/pager.c
index e9131304..c387fe1f 100644
--- a/ext2fs/pager.c
+++ b/ext2fs/pager.c
@@ -114,7 +114,12 @@ file_pager_read_page (struct node *node, vm_offset_t page,
       return 0;
     }
 
-  if (page + left > node->allocsize)
+  if (page >= node->allocsize)
+    {
+      err = EIO;
+      left = 0;
+    }
+  else if (page + left > node->allocsize)
     left = node->allocsize - page;
 
   while (left > 0)
@@ -134,7 +139,7 @@ file_pager_read_page (struct node *node, vm_offset_t page,
 	}
 
       if (block == 0)
-	/* Reading unallocate block, just make a zero-filled one.  */
+	/* Reading unallocated block, just make a zero-filled one.  */
 	{
 	  *writelock = 1;
 	  if (offs == 0)
@@ -260,7 +265,12 @@ file_pager_write_page (struct node *node, vm_offset_t offset, vm_address_t buf)
 
   pending_blocks_init (&pb, buf);
 
-  if (offset + left > node->allocsize)
+  if (offset >= node->allocsize)
+    {
+      err = EIO;
+      left = 0;
+    }
+  else if (offset + left > node->allocsize)
     left = node->allocsize - offset;
 
   ext2_debug ("writing inode %d page %d[%d]", node->dn->number, offset, left);
-- 
cgit v1.2.3