On Tue, Nov 12, 2024 at 02:34:13PM +0500, Sabyrzhan Tasbolatov wrote:
> On Mon, Nov 11, 2024 at 7:29 PM Alan Stern <stern@xxxxxxxxxxxxxxxxxxx> wrote:
> > I don't understand your analysis. As you said, cntr is initially set to
> > the amount in the buffer:
> >
> > If cntr <= count then cntr isn't changed, so the amount of data
> > copied to the user is the same as what is in the buffer.
> >
> > Otherwise, if cntr > count, then cntr is decreased so that the
> > amount copied to the user is no larger than what the user asked
> > for -- but then it's obviously smaller than what's in the buffer.
> >
> > In neither case does the code copy more data than the buffer contains.
>
> Hello,
> I've sent the v3 patch [1] per Oliver's explanation if I interpreted
> it correctly.
> I don't have the reproducer to verify if the patch solves the problem.
> If the analysis or patch is not right, please let me know.

The analysis is not right. The patch is also not right, because it
doesn't change the meaning of the code (except for one respect, in which
it is wrong). I'll send another email responding to the patch itself.

Alan Stern