Kernel: Fix TmpFS resize behavior around INT32_MAX for 32-bit systems
We need some overflow checks due to the implementation of TmpFS. When size_t is 32 bits and off_t is 64 bits, we might overflow our KBuffer max size and confuse the KBuffer set_size code, causing a VERIFY failure. Make sure that the resulting offset + size will fit in a size_t. As another constraint, we make sure that the resulting offset + size will be less than half of the maximum value of a size_t, because we double the KBuffer size each time we resize it.
parent
4cc75501d7
commit
3f0dcd63dc
Notes:
sideshowbarker
2024-07-18 09:18:50 +09:00
Author: https://github.com/ADKaster Commit: https://github.com/SerenityOS/serenity/commit/3f0dcd63dcc Pull-request: https://github.com/SerenityOS/serenity/pull/8522 Reviewed-by: https://github.com/alimpfard Reviewed-by: https://github.com/awesomekling
|
@ -159,11 +159,14 @@ KResultOr<size_t> TmpFSInode::write_bytes(off_t offset, size_t size, const UserO
|
|||
|
||||
off_t old_size = m_metadata.size;
|
||||
off_t new_size = m_metadata.size;
|
||||
if (offset + size > (size_t)new_size)
|
||||
if (static_cast<off_t>(offset + size) > new_size)
|
||||
new_size = offset + size;
|
||||
|
||||
if (static_cast<u64>(new_size) > (NumericLimits<size_t>::max() / 2)) // on 32-bit, size_t might be 32 bits while off_t is 64 bits
|
||||
return ENOMEM; // we won't be able to resize to this capacity
|
||||
|
||||
if (new_size > old_size) {
|
||||
if (m_content && m_content->capacity() >= (size_t)new_size) {
|
||||
if (m_content && static_cast<off_t>(m_content->capacity()) >= new_size) {
|
||||
m_content->set_size(new_size);
|
||||
} else {
|
||||
// Grow the content buffer 2x the new sizeto accommodate repeating write() calls.
|
||||
|
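Review bot: The sum `offset + size` on the two `new_size` lines is computed before anything bounds it, so the added `ENOMEM` check only ever sees a result that may already have wrapped. Where size_t is 64 bits the addition is performed unsigned and can wrap to a small value; where off_t is wider than size_t it is a signed addition whose overflow is undefined behaviour. In either case `new_size` can stay at the old size while the write still targets `offset`, unless something earlier in write_bytes rejects such arguments (the function starts and ends outside this hunk, so that is not visible here). A guard placed ahead of the addition would close the gap, for example `if (offset < 0 || size > static_cast<u64>(NumericLimits<off_t>::max() - offset)) return EOVERFLOW;`.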