patch-2.2.17 linux/fs/read_write.c


diff -u --recursive --new-file v2.2.16/fs/read_write.c linux/fs/read_write.c
@@ -210,12 +210,19 @@
 	if (copy_from_user(iov, vector, count*sizeof(*vector)))
 		goto out;
 
+	/* BSD readv/writev returns EINVAL if one of the iov_len
+	   values < 0 or tot_len overflowed a 32-bit integer. -ink */
 	tot_len = 0;
-	for (i = 0 ; i < count ; i++)
-		tot_len += iov[i].iov_len;
-
-	if((long) tot_len <0)
-		return -EINVAL;
+	ret = -EINVAL;
+	for (i = 0 ; i < count ; i++) {
+		size_t tmp = tot_len;
+		int len = iov[i].iov_len;
+		if (len < 0)
+			goto out;
+		(u32)tot_len += len;
+		if (tot_len < tmp || tot_len < (u32)len)
+			goto out;
+	}
 
 	inode = file->f_dentry->d_inode;
 	/* VERIFY_WRITE actually means a read, as we write to user space */
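Review bot: `int len = iov[i].iov_len;` narrows a user-supplied `size_t` to `int` before it is validated, so on a 64-bit build the high bits of `iov_len` are discarded and a value such as 2^32 would pass the `len < 0` test and add nothing to `tot_len`. If the code after this hunk (not visible here) walks the segments using the full `iov_len`, the validated total and the lengths actually used can disagree. Checking the full-width value first, e.g. `if (iov[i].iov_len > 0x7fffffff) goto out;` ahead of the assignment, keeps the 32-bit limit the new comment describes. `(u32)tot_len += len;` also depends on GCC's cast-as-lvalue extension; `tot_len = (u32)(tot_len + len);` expresses the same truncation in standard C. The enclosing function starts and ends outside the hunk.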
