There is possible type overflow in osd_read_prep() that may
cause too big value in lnb_rc followed by assertion.
Signed-off-by: Mikhail Pershin <mike.pershin@intel.com>
Change-Id: If17b533e7d0dcae7db57eefc0e5981821f628c56
Reviewed-on: http://review.whamcloud.com/16685
Tested-by: Jenkins
Reviewed-by: Alex Zhuravlev <alexey.zhuravlev@intel.com>
Reviewed-by: Andreas Dilger <andreas.dilger@intel.com>
Tested-by: Cliff White <cliff.white@intel.com>
Tested-by: Maloo <hpdd-maloo@intel.com>
Reviewed-by: Oleg Drokin <oleg.drokin@intel.com>
{
struct osd_object *obj = osd_dt_obj(dt);
int i;
{
struct osd_object *obj = osd_dt_obj(dt);
int i;
- unsigned long size = 0;
loff_t eof;
LASSERT(dt_object_exists(dt));
loff_t eof;
LASSERT(dt_object_exists(dt));
continue;
lnb[i].lnb_rc = lnb[i].lnb_len;
continue;
lnb[i].lnb_rc = lnb[i].lnb_len;
- if (lnb[i].lnb_file_offset + lnb[i].lnb_len > eof) {
- lnb[i].lnb_rc = eof - lnb[i].lnb_file_offset;
- if (lnb[i].lnb_rc < 0)
+ if (lnb[i].lnb_file_offset + lnb[i].lnb_len >= eof) {
+ if (eof <= lnb[i].lnb_file_offset)
+ else
+ lnb[i].lnb_rc = eof - lnb[i].lnb_file_offset;
/* all subsequent rc should be 0 */
while (++i < npages)
/* all subsequent rc should be 0 */
while (++i < npages)
git://git.whamcloud.com / fs / lustre-release.git / commitdiff