kfs: fix read offset integer overflow

author: cinap_lenrek <cinap_lenrek@gmx.de> 2012-08-01 01:22:01 +0200
committer: cinap_lenrek <cinap_lenrek@gmx.de> 2012-08-01 01:22:01 +0200
commit: acc239ef26417ca35badf37b58242eeb0e0663fa (patch)
tree: 9341f6e3c2fd40efa68774e8b5084785cb0911db /sys
parent: 235f71ba4767d4ab9a3e7706a3f77a7803e82cda (diff)
2 files changed, 6 insertions, 2 deletions
diff --git a/sys/src/cmd/disk/kfs/9p1.c b/sys/src/cmd/disk/kfs/9p1.c
index 2a3b5e9c8..0078d59ee 100644
--- a/sys/src/cmd/disk/kfs/9p1.c
+++ b/sys/src/cmd/disk/kfs/9p1.c
@@ -807,7 +807,9 @@ f_read(Chan *cp, Oldfcall *in, Oldfcall *ou)
 		addr = 0;
 		goto dread;
 	}
-	if(offset+count > d->size)
+	if(offset >= d->size)
+		count = 0;
+	else if(offset+count > d->size)
 		count = d->size - offset;
 	while(count > 0) {
 		addr = offset / BUFSIZE;
diff --git a/sys/src/cmd/disk/kfs/9p2.c b/sys/src/cmd/disk/kfs/9p2.c
index 0559d85c4..de99ebd8f 100644
--- a/sys/src/cmd/disk/kfs/9p2.c
+++ b/sys/src/cmd/disk/kfs/9p2.c
@@ -1071,7 +1071,9 @@ fsread(Chan* chan, Fcall* f, Fcall* r)
 	accessdir(p, d, FREAD);
 	if(d->mode & DDIR)
 		goto dread;
-	if(offset+count > d->size)
+	if(offset >= d->size)
+		count = 0;
+	else if(offset+count > d->size)
 		count = d->size - offset;
 	while(count > 0){
 		if(p == nil){
author	cinap_lenrek <cinap_lenrek@gmx.de>	2012-08-01 01:22:01 +0200
committer	cinap_lenrek <cinap_lenrek@gmx.de>	2012-08-01 01:22:01 +0200
commit	acc239ef26417ca35badf37b58242eeb0e0663fa (patch)
tree	9341f6e3c2fd40efa68774e8b5084785cb0911db /sys
parent	235f71ba4767d4ab9a3e7706a3f77a7803e82cda (diff)