The return value of smh_flen() is written to size and not to ret, but ret
is the variable that is checked afterwards. We can avoid calling smh_flen()
altogether by setting maxsize to LONG_MAX if it is not set yet.

Check input parameters.

Fixes: f676b45151c3 ("fs: Add semihosting filesystem")
Signed-off-by: Heinrich Schuchardt <heinrich.schucha...@canonical.com>
---
 fs/semihostingfs.c | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/fs/semihostingfs.c b/fs/semihostingfs.c
index 96eb3349a2..8a7d4da884 100644
--- a/fs/semihostingfs.c
+++ b/fs/semihostingfs.c
@@ -25,6 +25,9 @@ static int smh_fs_read_at(const char *filename, loff_t pos, 
void *buffer,
 {
        long fd, size, ret;
 
+       if (pos > LONG_MAX || maxsize > LONG_MAX)
+               return -EINVAL;
+
        fd = smh_open(filename, MODE_READ | MODE_BINARY);
        if (fd < 0)
                return fd;
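Review bot: The new range check at the top of smh_fs_read_at() only enforces an upper bound, so a negative `pos` still passes it; `pos` is a signed `loff_t`. If `maxsize` is signed as well (its declaration is outside the hunk), a negative value would pass too and later be handed to smh_read() as the length. Consider `if (pos < 0 || pos > LONG_MAX || maxsize < 0 || maxsize > LONG_MAX)` so that both bounds are rejected with -EINVAL before the file is opened. The body of the function continues outside the hunk.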
@@ -33,15 +36,8 @@ static int smh_fs_read_at(const char *filename, loff_t pos, 
void *buffer,
                smh_close(fd);
                return ret;
        }
-       if (!maxsize) {
-               size = smh_flen(fd);
-               if (ret < 0) {
-                       smh_close(fd);
-                       return size;
-               }
-
-               maxsize = size;
-       }
+       if (!maxsize)
+               maxsize = LONG_MAX;
 
        size = smh_read(fd, buffer, maxsize);
        smh_close(fd);
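Review bot: With `maxsize = LONG_MAX` the length passed to smh_read() says nothing about how much `buffer` can hold, so the amount written is decided entirely by what the semihosting host delivers before end of file. The removed code was meant to bound the read by the host-reported file length, so this is no real regression, but the contract deserves a comment above the assignment, e.g. `/* maxsize == 0: read to EOF; caller must supply a buffer large enough for the whole file */`. The change also assumes smh_read() copes with a request far larger than the file and reports the short read correctly; that function is not shown here, so this is worth confirming. The function starts and ends outside the hunk.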
-- 
2.39.2
