Date: Sun, 17 Feb 2019 17:47:08 +0000 (UTC) From: Patrick Kelsey <pkelsey@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r344234 - head/stand/libsa/zfs Message-ID: <201902171747.x1HHl8A7074435@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: pkelsey Date: Sun Feb 17 17:47:08 2019 New Revision: 344234 URL: https://svnweb.freebsd.org/changeset/base/344234 Log: It turns out r344226 narrowed the overrun bug but did not eliminate it entirely This commit fixes a remaining output buffer overrun in the single-sector case when there is a non-zero tail. Reviewed by: allanjude, tsoome MFC after: 3 months MFC with: r344226 Differential Revision: https://reviews.freebsd.org/D19220 Modified: head/stand/libsa/zfs/zfs.c Modified: head/stand/libsa/zfs/zfs.c ============================================================================== --- head/stand/libsa/zfs/zfs.c Sun Feb 17 16:56:41 2019 (r344233) +++ head/stand/libsa/zfs/zfs.c Sun Feb 17 17:47:08 2019 (r344234) @@ -435,8 +435,8 @@ vdev_read(vdev_t *vdev, void *priv, off_t offset, void ret = EIO; goto error; } - memcpy(outbuf, bouncebuf + head, secsz - head); - outbuf += secsz - head; + memcpy(outbuf, bouncebuf + head, min(secsz - head, bytes)); + outbuf += min(secsz - head, bytes); } /* Full data return from read sectors */
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201902171747.x1HHl8A7074435>