Wu Fengguang <fengguang.wu@xxxxxxxxx> writes:
> +static int
> +__negative_fpos_check(struct file *file, loff_t pos, size_t count)
> +{
> + /*
> + * pos or pos+count is negative here, check overflow.
> + * too big "count" will be caught in rw_verify_area().
> + */
> + if ((pos < 0) && (pos + count < pos))
> + return -EOVERFLOW;
> + if (file->f_mode & FMODE_NEG_OFFSET)
> + return 0;
> + return -EINVAL;
> +}
> +
> /*
> * rw_verify_area doesn't like huge counts. We limit
> * them to something that fits in "int" so that others
> @@ -222,8 +236,11 @@ int rw_verify_area(int read_write, struc
> if (unlikely((ssize_t) count < 0))
> return retval;
> pos = *ppos;
> - if (unlikely((pos < 0) || (loff_t) (pos + count) < 0))
> - return retval;
> + if (unlikely((pos < 0) || (loff_t) (pos + count) < 0)) {
> + retval = __negative_fpos_check(file, pos, count);
> + if (retval)
> + return retval;
> + }
>
> if (unlikely(inode->i_flock && mandatory_lock(inode))) {
> retval = locks_mandatory_area(
Um... How do lseek() work? It sounds like to violate error code range.
--
OGAWA Hirofumi <hirofumi@xxxxxxxxxxxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
