On Fri, 2022-01-07 at 14:38 +0100, David Disseldorp wrote: > When processing a "file" entry, gen_init_cpio attempts to allocate a > buffer large enough to stage the entire contents of the source file. > It then attempts to fill the buffer via a single read() call and > subsequently writes out the entire buffer length, without checking > that > read() returned the full length, potentially writing uninitialized > buffer memory. > > Fix this by breaking up file I/O into 64k chunks and only writing the > length returned by the prior read() call. > > Signed-off-by: David Disseldorp <ddiss@xxxxxxx> Looks ok to me. Reviewed-by: Martin Wilck <mwilck@xxxxxxxx>
