From f2d22b3bab4de4b20c857bf6f0191fb6c000fd14 Mon Sep 17 00:00:00 2001 From: Samuel Thibault Date: Tue, 26 Apr 2016 23:42:25 +0200 Subject: libdiskfs: Reject LFS seeks and read/writes vm_offset_t (used by pager_memcpy) is not 64bit-ready yet. Reject requests which go further than this. * libdiskfs/io-seek.c (diskfs_S_io_seek): Return EFBIG when requested offset is beyond limits of vm_offset_t. * libdiskfs/rdwr-internal.c (_diskfs_rdwr_internal): Return EFBIG when request goes beyond limits of vm_offset_t. --- libdiskfs/io-seek.c | 8 ++++++++ libdiskfs/rdwr-internal.c | 7 ++++++- 2 files changed, 14 insertions(+), 1 deletion(-) (limited to 'libdiskfs') diff --git a/libdiskfs/io-seek.c b/libdiskfs/io-seek.c index 9e3ff093..0018a712 100644 --- a/libdiskfs/io-seek.c +++ b/libdiskfs/io-seek.c @@ -46,6 +46,14 @@ diskfs_S_io_seek (struct protid *cred, offset += np->dn_stat.st_size; case SEEK_SET: check: + /* pager_memcpy inherently uses vm_offset_t, which may be smaller than + off_t. */ + if (sizeof(off_t) > sizeof(vm_offset_t) && + offset > ((off_t) 1) << (sizeof(vm_offset_t) * 8)) + { + err = EFBIG; + break; + } if (offset >= 0) { *newoffset = cred->po->filepointer = offset; diff --git a/libdiskfs/rdwr-internal.c b/libdiskfs/rdwr-internal.c index 18a4ae1e..0d405517 100644 --- a/libdiskfs/rdwr-internal.c +++ b/libdiskfs/rdwr-internal.c @@ -58,7 +58,12 @@ _diskfs_rdwr_internal (struct node *np, if (memobj == MACH_PORT_NULL) return errno; - err = pager_memcpy (diskfs_get_filemap_pager_struct (np), memobj, + /* pager_memcpy inherently uses vm_offset_t, which may be smaller than off_t. */ + if (sizeof(off_t) > sizeof(vm_offset_t) && + offset + *amt > ((off_t) 1) << (sizeof(vm_offset_t) * 8)) + err = EFBIG; + else + err = pager_memcpy (diskfs_get_filemap_pager_struct (np), memobj, offset, data, amt, prot); if (!diskfs_check_readonly () && !notime) -- cgit v1.2.3