From 0c44a12247352fc6f45c894da433a9688d67965b Mon Sep 17 00:00:00 2001
From: Andreas Kling
Date: Sun, 12 Jan 2020 20:15:53 +0100
Subject: Kernel: read() and write() should EOVERFLOW if (offset+size) overflows
---
Kernel/FileSystem/FileDescription.cpp | 4 ++++
1 file changed, 4 insertions(+)
(limited to 'Kernel')
diff --git a/Kernel/FileSystem/FileDescription.cpp b/Kernel/FileSystem/FileDescription.cpp
index 27443230ab..b56e4743ba 100644
--- a/Kernel/FileSystem/FileDescription.cpp
+++ b/Kernel/FileSystem/FileDescription.cpp
@@ -105,6 +105,8 @@ off_t FileDescription::seek(off_t offset, int whence)
 ssize_t FileDescription::read(u8* buffer, ssize_t count)
 {
 LOCKER(m_lock);
+ if ((m_current_offset + count) < 0)
+ return -EOVERFLOW;
 SmapDisabler disabler;
 int nread = m_file->read(*this, buffer, count);
 if (nread > 0 && m_file->is_seekable())
@@ -115,6 +117,8 @@ ssize_t FileDescription::read(u8* buffer, ssize_t count)
 ssize_t FileDescription::write(const u8* data, ssize_t size)
 {
 LOCKER(m_lock);
+ if ((m_current_offset + size) < 0)
+ return -EOVERFLOW;
 SmapDisabler disabler;
 int nwritten = m_file->write(*this, data, size);
 if (nwritten > 0 && m_file->is_seekable())
--
cgit v1.2.3
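Review bot: The added guard in read(), and identically in write(), detects overflow by first doing the signed addition `m_current_offset + count` (`+ size` in write()) and only then testing the result for `< 0`. Signed overflow is undefined behaviour in C++, so unless the kernel is built with a wrapping flag such as `-fwrapv` (not visible here) the compiler may assume the sum never wraps and the check is not guaranteed to fire. Because the length comes from the caller, I would check before the arithmetic, e.g. `off_t new_offset;` followed by `if (__builtin_add_overflow(m_current_offset, count, &new_offset)) return -EOVERFLOW;`, assuming `m_current_offset` is an `off_t` as seek()'s signature suggests. The current form also reports EOVERFLOW for a negative length whose sum is merely negative, and accepts a negative length whenever the sum stays non-negative; if no caller rejects negative lengths, a separate `if (count < 0) return -EINVAL;` would keep those cases distinct. Both function bodies continue past the end of their hunks.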