The return value of smh_flen() is written to size and not to ret. But ret is checked. We can avoid calling smh_flen() by setting maxsize to LONG_MAX if it is not set yet.
Check input parameters. Fixes: f676b45151c3 ("fs: Add semihosting filesystem") Signed-off-by: Heinrich Schuchardt <heinrich.schucha...@canonical.com> --- fs/semihostingfs.c | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/fs/semihostingfs.c b/fs/semihostingfs.c index 96eb3349a2..8a7d4da884 100644 --- a/fs/semihostingfs.c +++ b/fs/semihostingfs.c @@ -25,6 +25,9 @@ static int smh_fs_read_at(const char *filename, loff_t pos, void *buffer, { long fd, size, ret; + if (pos > LONG_MAX || maxsize > LONG_MAX) + return -EINVAL; + fd = smh_open(filename, MODE_READ | MODE_BINARY); if (fd < 0) return fd; @@ -33,15 +36,8 @@ static int smh_fs_read_at(const char *filename, loff_t pos, void *buffer, smh_close(fd); return ret; } - if (!maxsize) { - size = smh_flen(fd); - if (ret < 0) { - smh_close(fd); - return size; - } - - maxsize = size; - } + if (!maxsize) + maxsize = LONG_MAX; size = smh_read(fd, buffer, maxsize); smh_close(fd); -- 2.39.2