From d5fc2a6ad6632778a7f426ec3cccfc1a1bcaccf1 Mon Sep 17 00:00:00 2001
From: Chris Johns
Date: Tue, 5 May 2020 14:55:34 +1000
Subject: libdl/obj-cache: Fail if the read offset is past the file length
- The check was for greater than and not equal or greater
Updates #3969
---
 cpukit/libdl/rtl-obj-cache.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/cpukit/libdl/rtl-obj-cache.c b/cpukit/libdl/rtl-obj-cache.c
index 28d3b02a16..8791e2b1d5 100644
--- a/cpukit/libdl/rtl-obj-cache.c
+++ b/cpukit/libdl/rtl-obj-cache.c
@@ -80,7 +80,7 @@ rtems_rtl_obj_cache_read (rtems_rtl_obj_cache* cache,
 struct stat sb;
 if (rtems_rtl_trace (RTEMS_RTL_TRACE_CACHE))
- printf ("rtl: cache: %2d: fd=%d offset=%" PRIdoff_t "length=%zu area=[%"
+ printf ("rtl: cache: %2d: fd=%d offset=%" PRIdoff_t " length=%zu area=[%"
 PRIdoff_t ",%" PRIdoff_t "] cache=[%" PRIdoff_t ",%" PRIdoff_t "] size=%zu\n",
 fd, cache->fd, offset, *length,
 offset, offset + *length,
@@ -95,7 +95,7 @@ rtems_rtl_obj_cache_read (rtems_rtl_obj_cache* cache,
 if (cache->fd == fd)
 {
- if (offset > cache->file_size)
+ if (offset >= cache->file_size)
 {
 rtems_rtl_set_error (EINVAL, "offset past end of file: offset=%i size=%i",
 (int) offset, (int) cache->file_size);
@@ -110,6 +110,7 @@ rtems_rtl_obj_cache_read (rtems_rtl_obj_cache* cache,
 *length = cache->file_size - offset;
 if (rtems_rtl_trace (RTEMS_RTL_TRACE_CACHE))
 printf ("rtl: cache: %2d: truncate length=%d\n", fd, (int) *length);
+
 }
 }
@@ -175,8 +176,8 @@ rtems_rtl_obj_cache_read (rtems_rtl_obj_cache* cache,
 }
 if (rtems_rtl_trace (RTEMS_RTL_TRACE_CACHE))
- printf ("rtl: cache: %2d: seek: offset=%" PRIdoff_t "buffer_offset=%zu"
- "read=%zu cache=[%" PRIdoff_t ",%" PRIdoff_t "] "
+ printf ("rtl: cache: %2d: seek: offset=%" PRIdoff_t " buffer_offset=%zu"
+ " read=%zu cache=[%" PRIdoff_t ",%" PRIdoff_t "] "
 "dist=%" PRIdoff_t "\n",
 fd, offset + buffer_offset, buffer_offset, buffer_read,
 offset, offset + buffer_read,
-- 
cgit v1.2.3
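Review bot: In the `@@ -95,7 +95,7 @@` hunk the corrected guard still bounds `offset` only from above. The trace calls print `offset` with `PRIdoff_t`, so it appears to be a signed `off_t`. If so, a negative value taken from a malformed object or archive header would pass `offset >= cache->file_size` and reach the `*length = cache->file_size - offset` truncation shown in the next hunk with a length larger than the file. Consider `if (offset < 0 || offset >= cache->file_size)`, and confirm the comparison is not affected by a signed/unsigned conversion, since the type of `file_size` is not visible here. The error message on the following lines also casts both values to `int` for `%i`, which can misreport large offsets; using `PRIdoff_t` as the trace calls do would keep the diagnostic accurate. The body of `rtems_rtl_obj_cache_read` starts and ends outside this hunk, so whether callers already validate the offset cannot be seen from here.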