From mboxrd@z Thu Jan 1 00:00:00 1970 From: Richard Genoud Date: Tue, 3 Nov 2020 12:11:24 +0100 Subject: [PATCH v2 26/28] fs/squashfs: sqfs_read: remove buggy offset functionality In-Reply-To: <20201103111126.23600-1-richard.genoud@posteo.net> References: <20201103111126.23600-1-richard.genoud@posteo.net> Message-ID: <20201103111126.23600-27-richard.genoud@posteo.net> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de offset is the offset in the file read, not the offset in the destination buffer. If the offset is not null, this will lead to a memory corruption. So, for now, we are returning an error if the offset is used. Signed-off-by: Richard Genoud
---
 fs/squashfs/sqfs.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/fs/squashfs/sqfs.c b/fs/squashfs/sqfs.c
index 4710b2bd707..f63a06fd40f 100644
--- a/fs/squashfs/sqfs.c
+++ b/fs/squashfs/sqfs.c
@@ -1327,6 +1327,14 @@ int sqfs_read(const char *filename, void *buf, loff_t offset, loff_t len,
 *actread = 0;
+ if (offset) {
+ /*
+ * TODO: implement reading at an offset in file
+ */
+ printf("Error: reading at a specific offset in a squashfs file is not supported yet.\n");
+ return -EINVAL;
+ }
+
 /*
 * sqfs_opendir will uncompress inode and directory tables, and will
 * return a pointer to the directory that contains the requested file.
@@ -1466,12 +1474,12 @@ int sqfs_read(const char *filename, void *buf, loff_t offset, loff_t len,
 if ((*actread + dest_len) > len)
 dest_len = len - *actread;
- memcpy(buf + offset + *actread, datablock, dest_len);
+ memcpy(buf + *actread, datablock, dest_len);
 *actread += dest_len;
 } else {
 if ((*actread + table_size) > len)
 table_size = len - *actread;
- memcpy(buf + offset + *actread, data, table_size);
+ memcpy(buf + *actread, data, table_size);
 *actread += table_size;
 }
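Review bot: The new `if (offset)` guard in the first hunk reports an unimplemented feature as `-EINVAL`, which a caller cannot tell apart from a genuinely malformed request; `return -EOPNOTSUPP;` would describe the condition more precisely, provided no caller outside this hunk depends on the value. The TODO comment should also record why the guard exists, for example `/* offset used to be added to the destination pointer and wrote past buf; reject it until file-offset reads are implemented */`, so the check is not dropped before a real implementation replaces it. The guard sits before the sqfs_opendir call described in the following context comment, so the direct return skips no cleanup that is visible here; the rest of sqfs_read lies outside the hunk.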
@@ -1523,7 +1531,7 @@ int sqfs_read(const char *filename, void *buf, loff_t offset, loff_t len,
 goto out;
 }
- for (j = offset + *actread; j < finfo.size; j++) {
+ for (j = *actread; j < finfo.size; j++) {
 memcpy(buf + j, &fragment_block[finfo.offset + j], 1);
 (*actread)++;
 }
@@ -1533,7 +1541,7 @@ int sqfs_read(const char *filename, void *buf, loff_t offset, loff_t len,
 } else if (finfo.frag && !finfo.comp) {
 fragment_block = (void *)fragment + table_offset;
- for (j = offset + *actread; j < finfo.size; j++) {
+ for (j = *actread; j < finfo.size; j++) {
 memcpy(buf + j, &fragment_block[finfo.offset + j], 1);
 (*actread)++;
 }
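Review bot: The fragment copy loop `for (j = *actread; j < finfo.size; j++)` is bounded only by `finfo.size` and never by `len`, so `memcpy(buf + j, ...)` can still write past the length the caller asked for; the identical loop in the uncompressed-fragment branch of the next hunk (`@@ -1533,7 +1541,7`) has the same gap. The data-block path in the `@@ -1466,12` hunk clamps each copy with `len - *actread`, and the fragment path needs the equivalent, e.g. `for (j = *actread; j < finfo.size && j < len; j++) {`, unless code outside these hunks already guarantees `len >= finfo.size`. The read index `finfo.offset + j` is also not compared with the size of `fragment_block` anywhere in the visible lines; if those fields come from the on-disk inode, as their names suggest, that bound should be checked before the loop. Both loops sit inside branches of sqfs_read that begin outside the hunks.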