fs/squashfs: sqfs_read: don't write beyond buffer size The length of the buffer wasn't taken into account when writing to the given buffer. Signed-off-by: Richard Genoud <richard.genoud@posteo.net>

commit: 6abdf01ad9f2441743b4f056f381d7ea9dd12c6a [log] [tgz]
author: Richard Genoud <richard.genoud@posteo.net> Tue Nov 03 12:11:23 2020 +0100
committer: Tom Rini <trini@konsulko.com> Thu Nov 19 09:45:49 2020 -0500
tree: 56c385bc02404d248bed95312ccaf1adcfd5dfcc
parent: ce0023140cb3a448cc2ef944538b8fe0fb118667 [diff] [blame]
diff --git a/fs/squashfs/sqfs.c b/fs/squashfs/sqfs.c
index 4350816..1ecdd01 100644
--- a/fs/squashfs/sqfs.c
+++ b/fs/squashfs/sqfs.c

@@ -1415,6 +1415,8 @@
 		}
 
 		finfo.size = len;
+	} else {
+		len = finfo.size;
 	}
 
 	if (datablk_count) {
@@ -1461,9 +1463,13 @@
 			if (ret)
 				goto out;
 
+			if ((*actread + dest_len) > len)
+				dest_len = len - *actread;
 			memcpy(buf + offset + *actread, datablock, dest_len);
 			*actread += dest_len;
 		} else {
+			if ((*actread + table_size) > len)
+				table_size = len - *actread;
 			memcpy(buf + offset + *actread, data, table_size);
 			*actread += table_size;
 		}
@@ -1471,6 +1477,8 @@
 		data_offset += table_size;
 		free(data_buffer);
 		data_buffer = NULL;
+		if (*actread >= len)
+			break;
 	}
 
 	/*
commit	6abdf01ad9f2441743b4f056f381d7ea9dd12c6a	[log] [tgz]
author	Richard Genoud <richard.genoud@posteo.net>	Tue Nov 03 12:11:23 2020 +0100
committer	Tom Rini <trini@konsulko.com>	Thu Nov 19 09:45:49 2020 -0500
tree	56c385bc02404d248bed95312ccaf1adcfd5dfcc
parent	ce0023140cb3a448cc2ef944538b8fe0fb118667 [diff] [blame]