From: Olga Kornievskaia <kolga@xxxxxxxxxx> Enforce the check that source offset can't be beyond the end of the file. Signed-off-by: Anna Schumaker <Anna.Schumaker@xxxxxxxxxx> --- fs/read_write.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/read_write.c b/fs/read_write.c index fb4ffca..7bdbf39 100644 --- a/fs/read_write.c +++ b/fs/read_write.c @@ -1570,6 +1570,9 @@ ssize_t vfs_copy_file_range(struct file *file_in, loff_t pos_in, if (unlikely(ret)) return ret; + if (pos_in >= i_size_read(inode_in)) + return -EINVAL; + if (!(file_in->f_mode & FMODE_READ) || !(file_out->f_mode & FMODE_WRITE) || (file_out->f_flags & O_APPEND)) -- 1.8.3.1
