yamt commented on code in PR #15603:
URL: https://github.com/apache/nuttx/pull/15603#discussion_r1924600320
##########
fs/vfs/fs_read.c:
##########
@@ -74,36 +69,36 @@ static ssize_t file_readv_compat(FAR struct file *filep,
FAR struct uio *uio)
continue;
}
- buffer = iov[i].iov_base;
- remaining = iov[i].iov_len;
+ /* Sanity check to avoid total length overflow */
+
+ if (ntotal > 0 && SSIZE_MAX - ntotal < iov[i].iov_len)
+ {
+ break;
Review Comment:
> Because the size of 1 vector slot(iov) will not cause overflow
actually it does because SIZE_MAX > SSIZE_MAX.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscr...@nuttx.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
