copy_file_range(2): Fix for small values of input file offset and len

r366302 broke copy_file_range(2) for small values of
input file offset and len.

It was possible for rem to be greater than len and then
"len - rem" was a large value, since both variables are
unsigned.

Reported by: koobs, Pablo <pablogsal gmail com> (Python)
Reviewed by:	asomers, koobs
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D28981
This commit is contained in:
Rick Macklem 2021-03-01 06:28:30 -08:00
parent 0e4ff0acbe
commit a5f9fe2bab

View File

@ -3143,7 +3143,7 @@ vn_generic_copy_file_range(struct vnode *invp, off_t *inoffp,
rem = *inoffp % blksize; rem = *inoffp % blksize;
if (rem > 0) if (rem > 0)
rem = blksize - rem; rem = blksize - rem;
if (len - rem > blksize) if (len > rem && len - rem > blksize)
len = savlen = rounddown(len - rem, blksize) + rem; len = savlen = rounddown(len - rem, blksize) + rem;
} }