d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

It turns out r344226 narrowed the overrun bug but did not eliminate it entirely

Browse Source 
This commit fixes a remaining output buffer overrun in the
single-sector case when there is a non-zero tail.

Reviewed by:	allanjude, tsoome
MFC after:	3 months
MFC with:	r344226
Differential Revision:	https://reviews.freebsd.org/D19220
This commit is contained in:
Patrick Kelsey 2019-02-17 17:47:08 +00:00
parent 648890835c
commit a070559721
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=344234
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
stand/libsa/zfs/zfs.c
View File

@ -435,8 +435,8 @@ vdev_read(vdev_t *vdev, void *priv, off_t offset, void *buf, size_t bytes)
ret = EIO;
goto error;
}
memcpy(outbuf, bouncebuf + head, secsz - head);
outbuf += secsz - head;
memcpy(outbuf, bouncebuf + head, min(secsz - head, bytes));
outbuf += min(secsz - head, bytes);
}
/* Full data return from read sectors */