On Thu, Oct 08, 2015 at 11:19:45PM +0200, Sebastian Hesselbarth wrote:
> When using memcpy_sz with rwsize != 1 integer division of
> count/rwsize may leave some bytes of the request uncopied if
> count is not a multiple of rwsize.
>
> Fix this behavior by decrementing count by rwsize instead of
> integer division and use plain memcpy for the remaining bytes.
>
> Signed-off-by: Sebastian Hesselbarth <sebastian.hesselbarth@xxxxxxxxx>
> ---
> Cc: barebox@xxxxxxxxxxxxxxxxxxx
> ---
> fs/fs.c | 9 ++++++---
> 1 file changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/fs/fs.c b/fs/fs.c
> index c041e41bb51b..ccbda22d2692 100644
> --- a/fs/fs.c
> +++ b/fs/fs.c
> @@ -1580,9 +1580,7 @@ static void memcpy_sz(void *dst, const void *src, size_t count, int rwsize)
>
> rwsize = rwsize >> O_RWSIZE_SHIFT;
>
> - count /= rwsize;
> -
> - while (count-- > 0) {
> + while (count > 0) {
> switch (rwsize) {
> case 1:
> *((u8 *)dst) = *((u8 *)src);
> @@ -1599,7 +1597,12 @@ static void memcpy_sz(void *dst, const void *src, size_t count, int rwsize)
> }
> dst += rwsize;
> src += rwsize;
> + count -= rwsize;
> }
This doesn't look correct. When count > 0 you are inside the loop, so
> +
> + /* copy remaining bytes with plain memcpy */
> + if (count)
> + memcpy(dst, src, count);
here count <= 0 which is no meaningful argument for the copy size.
Should the loop start with while (count >= rwsize) instead?
I wonder if the behaviour shouldn't rather be:
- let memcpy_sz return the number of bytes copied and not copy the
remaining partial word.
- return error from memcpy_sz when input count < rwsize
This would allow us to catch wrongly aligned sizes.
Sascha
--
Pengutronix e.K. | |
Industrial Linux Solutions | http://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
_______________________________________________
barebox mailing list
barebox@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/barebox
