The return value of smh_flen() is written to size and not to ret. But ret
is checked. We can avoid calling smh_flen() by setting maxsize to LONG_MAX
if it is not set yet.
Check input parameters.
Fixes: f676b45151c3 ("fs: Add semihosting filesystem")
Signed-off-by: Heinrich Schuchardt <heinrich.schucha...@canonical.com>
---
fs/semihostingfs.c | 14 +++++---------
1 file changed, 5 insertions(+), 9 deletions(-)
diff --git a/fs/semihostingfs.c b/fs/semihostingfs.c
index 96eb3349a2..8a7d4da884 100644
--- a/fs/semihostingfs.c
+++ b/fs/semihostingfs.c
@@ -25,6 +25,9 @@ static int smh_fs_read_at(const char *filename, loff_t pos,
void *buffer,
{
long fd, size, ret;
+ if (pos > LONG_MAX || maxsize > LONG_MAX)
+ return -EINVAL;
+
fd = smh_open(filename, MODE_READ | MODE_BINARY);
if (fd < 0)
return fd;
@@ -33,15 +36,8 @@ static int smh_fs_read_at(const char *filename, loff_t pos,
void *buffer,
smh_close(fd);
return ret;
}
- if (!maxsize) {
- size = smh_flen(fd);
- if (ret < 0) {
- smh_close(fd);
- return size;
- }
-
- maxsize = size;
- }
+ if (!maxsize)
+ maxsize = LONG_MAX;
size = smh_read(fd, buffer, maxsize);
smh_close(fd);
--
2.39.2
