[PATCH v2 26/28] fs/squashfs: sqfs_read: remove buggy offset functionality

Richard Genoud richard.genoud at posteo.net
Tue Nov 3 12:11:24 CET 2020


offset is the offset in the file being read, not the offset in the
destination buffer.
If the offset is non-zero, this will lead to memory corruption.
So, for now, we return an error if an offset is used.

Signed-off-by: Richard Genoud <richard.genoud at posteo.net>
---
 fs/squashfs/sqfs.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/fs/squashfs/sqfs.c b/fs/squashfs/sqfs.c
index 4710b2bd707..f63a06fd40f 100644
--- a/fs/squashfs/sqfs.c
+++ b/fs/squashfs/sqfs.c
@@ -1327,6 +1327,14 @@ int sqfs_read(const char *filename, void *buf, loff_t offset, loff_t len,
 
 	*actread = 0;
 
+	if (offset) {
+		/*
+		 * TODO: implement reading at an offset in file
+		 */
+		printf("Error: reading at a specific offset in a squashfs file is not supported yet.\n");
+		return -EINVAL;
+	}
+
 	/*
 	 * sqfs_opendir will uncompress inode and directory tables, and will
 	 * return a pointer to the directory that contains the requested file.
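Review bot: The comment inside the added `if (offset)` block records the TODO but not why a non-zero offset is refused, which is what a later implementer most needs to know. I would extend it to `/* TODO: implement reading at an offset in file. offset is a position in the file, never an index into buf, so reject it until it is handled. */`. The function's header comment, if it has one, is outside this hunk; it should presumably also state that only `offset == 0` is accepted and that `-EINVAL` is returned otherwise.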
@@ -1466,12 +1474,12 @@ int sqfs_read(const char *filename, void *buf, loff_t offset, loff_t len,
 
 			if ((*actread + dest_len) > len)
 				dest_len = len - *actread;
-			memcpy(buf + offset + *actread, datablock, dest_len);
+			memcpy(buf + *actread, datablock, dest_len);
 			*actread += dest_len;
 		} else {
 			if ((*actread + table_size) > len)
 				table_size = len - *actread;
-			memcpy(buf + offset + *actread, data, table_size);
+			memcpy(buf + *actread, data, table_size);
 			*actread += table_size;
 		}
 
@@ -1523,7 +1531,7 @@ int sqfs_read(const char *filename, void *buf, loff_t offset, loff_t len,
 			goto out;
 		}
 
-		for (j = offset + *actread; j < finfo.size; j++) {
+		for (j = *actread; j < finfo.size; j++) {
 			memcpy(buf + j, &fragment_block[finfo.offset + j], 1);
 			(*actread)++;
 		}
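Review bot: The fragment copy loop `for (j = *actread; j < finfo.size; j++)` is bounded only by the file size, whereas the data-block path in the previous hunk clamps every copy to `len`. If a caller passes a `len` smaller than `finfo.size`, this loop would keep writing into `buf` past the requested length. Unless `len` is already normalised against `finfo.size` outside the hunk, the condition should also honour the caller's limit, e.g. `for (j = *actread; j < finfo.size && *actread < len; j++)`. The same loop appears in the `finfo.frag && !finfo.comp` branch in the next hunk and needs the same bound. Both loops sit inside sqfs_read, whose body starts and ends outside these hunks.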
@@ -1533,7 +1541,7 @@ int sqfs_read(const char *filename, void *buf, loff_t offset, loff_t len,
 	} else if (finfo.frag && !finfo.comp) {
 		fragment_block = (void *)fragment + table_offset;
 
-		for (j = offset + *actread; j < finfo.size; j++) {
+		for (j = *actread; j < finfo.size; j++) {
 			memcpy(buf + j, &fragment_block[finfo.offset + j], 1);
 			(*actread)++;
 		}

