On Thu, Jun 05, 2025 at 05:03:19AM +, Lidong Chen wrote:
> The potential overflow issue arises at "size += ret;" because 'size'
> is of type ssize_t (signed) while 'len' is size_t (unsigned). Repeatedly
> adding read sizes ('ret') to 'size' can potentially exceed the maximum
> value of ssize_t,
The potential overflow issue arises at "size += ret;" because 'size'
is of type ssize_t (signed) while 'len' is size_t (unsigned). Repeatedly
adding read sizes ('ret') to 'size' can potentially exceed the maximum
value of ssize_t, causing it to overflow into a negative or incorrect value.
The fix i
