[PATCH 1/1] fs: fix smh_fs_read_at()

Heinrich Schuchardt heinrich.schuchardt at canonical.com
Wed May 17 12:23:00 CEST 2023


The return value of smh_flen() is written to size and not to ret. But ret
is checked. We can avoid calling smh_flen() by setting maxsize to LONG_MAX
if it is not set yet.

Check input parameters.

Fixes: f676b45151c3 ("fs: Add semihosting filesystem")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt at canonical.com>
---
 fs/semihostingfs.c | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/fs/semihostingfs.c b/fs/semihostingfs.c
index 96eb3349a2..8a7d4da884 100644
--- a/fs/semihostingfs.c
+++ b/fs/semihostingfs.c
@@ -25,6 +25,9 @@ static int smh_fs_read_at(const char *filename, loff_t pos, void *buffer,
 {
 	long fd, size, ret;
 
+	if (pos > LONG_MAX || maxsize > LONG_MAX)
+		return -EINVAL;
+
 	fd = smh_open(filename, MODE_READ | MODE_BINARY);
 	if (fd < 0)
 		return fd;
@@ -33,15 +36,8 @@ static int smh_fs_read_at(const char *filename, loff_t pos, void *buffer,
 		smh_close(fd);
 		return ret;
 	}
-	if (!maxsize) {
-		size = smh_flen(fd);
-		if (ret < 0) {
-			smh_close(fd);
-			return size;
-		}
-
-		maxsize = size;
-	}
+	if (!maxsize)
+		maxsize = LONG_MAX;
 
 	size = smh_read(fd, buffer, maxsize);
 	smh_close(fd);
-- 
2.39.2



More information about the U-Boot mailing list