[PATCH v4] erofs-utils: fuse: fix random readlink error
Gao Xiang
hsiangkao at aol.com
Mon Mar 1 00:53:12 AEDT 2021
From: Hu Weiwen <sehuww at mail.scut.edu.cn>
readlink should fill a **null-terminated** string in the buffer [1].
To achieve this:
1) memset(0) for unmapped extents;
2) make erofsfuse_read() properly returning the actual bytes read;
3) insert a null character if the path is truncated.
[1] https://lore.kernel.org/r/20210121101233.GC6680@DESKTOP-N4CECTO.huww98.cn
Signed-off-by: Hu Weiwen <sehuww at mail.scut.edu.cn>
Reviewed-by: Li Guifu <bluce.lee at aliyun.com>
Signed-off-by: Gao Xiang <hsiangkao at aol.com>
---
changes since v3:
- fix z_erofs_read_data() buffer range as well.
fuse/main.c | 8 ++++++++
lib/data.c | 46 +++++++++++++++++++++++++---------------------
2 files changed, 33 insertions(+), 21 deletions(-)
diff --git a/fuse/main.c b/fuse/main.c
index c16291272e75..37119ea8728d 100644
--- a/fuse/main.c
+++ b/fuse/main.c
@@ -74,6 +74,10 @@ static int erofsfuse_read(const char *path, char *buffer,
ret = erofs_pread(&vi, buffer, size, offset);
if (ret)
return ret;
+ if (offset + size > vi.i_size)
+ return vi.i_size - offset;
+ if (offset >= vi.i_size)
+ return 0;
return size;
}
@@ -83,6 +87,10 @@ static int erofsfuse_readlink(const char *path, char *buffer, size_t size)
if (ret < 0)
return ret;
+ DBG_BUGON(ret > size);
+ if (ret == size)
+ buffer[size - 1] = '\0';
+ erofs_dbg("readlink(%s): %s", path, buffer);
return 0;
}
diff --git a/lib/data.c b/lib/data.c
index 3781846743aa..56de16b3c840 100644
--- a/lib/data.c
+++ b/lib/data.c
@@ -29,6 +29,7 @@ static int erofs_map_blocks_flatmode(struct erofs_inode *inode,
if (offset >= inode->i_size) {
/* leave out-of-bound access unmapped */
map->m_flags = 0;
+ map->m_plen = 0;
goto out;
}
@@ -80,6 +81,7 @@ static int erofs_read_raw_data(struct erofs_inode *inode, char *buffer,
erofs_off_t ptr = offset;
while (ptr < offset + size) {
+ char *const estart = buffer + ptr - offset;
erofs_off_t eend;
map.m_la = ptr;
@@ -89,29 +91,30 @@ static int erofs_read_raw_data(struct erofs_inode *inode, char *buffer,
DBG_BUGON(map.m_plen != map.m_llen);
+ /* trim extent */
+ eend = min(offset + size, map.m_la + map.m_llen);
+ DBG_BUGON(ptr < map.m_la);
+
if (!(map.m_flags & EROFS_MAP_MAPPED)) {
if (!map.m_llen) {
+ /* reached EOF */
+ memset(estart, 0, offset + size - ptr);
ptr = offset + size;
continue;
}
- ptr = map.m_la + map.m_llen;
+ memset(estart, 0, eend - ptr);
+ ptr = eend;
continue;
}
- /* trim extent */
- eend = min(offset + size, map.m_la + map.m_llen);
- DBG_BUGON(ptr < map.m_la);
-
if (ptr > map.m_la) {
map.m_pa += ptr - map.m_la;
map.m_la = ptr;
}
- ret = dev_read(buffer + ptr - offset,
- map.m_pa, eend - map.m_la);
+ ret = dev_read(estart, map.m_pa, eend - map.m_la);
if (ret < 0)
return -EIO;
-
ptr = eend;
}
return 0;
@@ -137,19 +140,6 @@ static int z_erofs_read_data(struct erofs_inode *inode, char *buffer,
if (ret)
return ret;
- if (!(map.m_flags & EROFS_MAP_MAPPED)) {
- end = map.m_la;
- continue;
- }
-
- ret = dev_read(raw, map.m_pa, EROFS_BLKSIZ);
- if (ret < 0)
- return -EIO;
-
- algorithmformat = map.m_flags & EROFS_MAP_ZIPPED ?
- Z_EROFS_COMPRESSION_LZ4 :
- Z_EROFS_COMPRESSION_SHIFTED;
-
/*
* trim to the needed size if the returned extent is quite
* larger than requested, and set up partial flag as well.
@@ -171,6 +161,20 @@ static int z_erofs_read_data(struct erofs_inode *inode, char *buffer,
end = map.m_la;
}
+ if (!(map.m_flags & EROFS_MAP_MAPPED)) {
+ memset(buffer + end - offset, 0, length);
+ end = map.m_la;
+ continue;
+ }
+
+ ret = dev_read(raw, map.m_pa, EROFS_BLKSIZ);
+ if (ret < 0)
+ return -EIO;
+
+ algorithmformat = map.m_flags & EROFS_MAP_ZIPPED ?
+ Z_EROFS_COMPRESSION_LZ4 :
+ Z_EROFS_COMPRESSION_SHIFTED;
+
ret = z_erofs_decompress(&(struct z_erofs_decompress_req) {
.in = raw,
.out = buffer + end - offset,
--
2.24.0
More information about the Linux-erofs
mailing list