On Tue, 26 Apr 2022 13:40:39 -0700, Andrew Morton wrote:

> On Mon, 4 Apr 2022 11:34:28 +0200 David Disseldorp <ddiss@xxxxxxx> wrote:
>
> > When processing a "file" entry, gen_init_cpio attempts to allocate a
> > buffer large enough to stage the entire contents of the source file.
> > It then attempts to fill the buffer via a single read() call and
> > subsequently writes out the entire buffer length, without checking that
> > read() returned the full length, potentially writing uninitialized
> > buffer memory.
>
> That was rather rude of it.
>
> > Fix this by breaking up file I/O into 64k chunks and only writing the
> > length returned by the prior read() call.
>
> Does this change fix any known or reported problems?

This was found via code inspection. I'm not aware of anyone hitting it
in the wild.

Thanks for the feedback, Andrew.

Cheers, David
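
The copy pattern the quoted commit message describes, as an added example that is not the patch itself or code from this thread: a fixed 64k buffer is filled by read() and only the returned length is written out. The names `copy_chunked`, `write_all` and `CHUNK` are hypothetical, and treating an early end of file as an error is an assumption of this sketch.

```c
#include <errno.h>
#include <stdio.h>
#include <unistd.h>
#define CHUNK (64 * 1024) /* chunk size named in the commit message */

/* Write exactly len bytes, retrying on short writes and EINTR. */
static int write_all(int fd, const char *buf, size_t len)
{
    while (len > 0) {
        ssize_t w = write(fd, buf, len);
        if (w < 0 && errno == EINTR)
            continue;
        if (w < 0)
            return -1;
        buf += w;
        len -= (size_t)w;
    }
    return 0;
}

/* Copy `size` bytes (e.g. st_size from an earlier stat) from in_fd to out_fd.
 * Returns the byte count, or -1 on I/O error or early EOF (assumed policy). */
long copy_chunked(int in_fd, int out_fd, size_t size)
{
    static char buf[CHUNK];
    size_t left = size;
    while (left > 0) {
        size_t want = left < CHUNK ? left : CHUNK;
        ssize_t got = read(in_fd, buf, want);
        if (got < 0 && errno == EINTR)
            continue;
        if (got <= 0)
            return -1; /* error, or source shorter than expected */
        /* Emit only the bytes read() actually returned. */
        if (write_all(out_fd, buf, (size_t)got) < 0)
            return -1;
        left -= (size_t)got;
    }
    return (long)size;
}

int main(void)
{
    /* Constructed input: an empty temp file claimed to hold 16 bytes. */
    FILE *in = tmpfile(), *out = tmpfile();
    if (!in || !out) return 1;
    long r = copy_chunked(fileno(in), fileno(out), 16);
    printf("copy returned %ld, wrote %ld bytes\n", r, (long)lseek(fileno(out), 0, SEEK_END));
    return 0;
}
```

When the source is shorter than the size recorded earlier, the output holds only the bytes that were really read, never stale buffer contents.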