nfsv3: fix crash when performing very large reads
Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
parent
965b1914ef
commit
820dc73e32
|
@ -4640,6 +4640,13 @@ nfs3_pread_mcb(struct rpc_context *rpc, int status, void *command_data,
|
||||||
data->buffer = res->READ3res_u.resok.data.data_val;
|
data->buffer = res->READ3res_u.resok.data.data_val;
|
||||||
data->not_my_buffer = 1;
|
data->not_my_buffer = 1;
|
||||||
} else if (count <= mdata->count) {
|
} else if (count <= mdata->count) {
|
||||||
|
if (data->buffer == NULL) {
|
||||||
|
data->buffer = malloc(data->org_count);
|
||||||
|
if (data->buffer == NULL) {
|
||||||
|
data->oom = 1;
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
}
|
||||||
/* copy data into reassembly buffer */
|
/* copy data into reassembly buffer */
|
||||||
memcpy(&data->buffer[mdata->offset - data->offset], res->READ3res_u.resok.data.data_val, count);
|
memcpy(&data->buffer[mdata->offset - data->offset], res->READ3res_u.resok.data.data_val, count);
|
||||||
} else {
|
} else {
|
||||||
|
@ -4741,7 +4748,7 @@ nfs3_pread_async_internal(struct nfs_context *nfs, struct nfsfh *nfsfh,
|
||||||
data->private_data = private_data;
|
data->private_data = private_data;
|
||||||
data->nfsfh = nfsfh;
|
data->nfsfh = nfsfh;
|
||||||
data->org_offset = offset;
|
data->org_offset = offset;
|
||||||
data->org_count = (count3)count;
|
data->org_count = count;
|
||||||
data->update_pos = update_pos;
|
data->update_pos = update_pos;
|
||||||
|
|
||||||
assert(data->num_calls == 0);
|
assert(data->num_calls == 0);
|
||||||
|
|
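Review bot: Nothing visible ties the memcpy range in nfs3_pread_mcb to the size of the new lazy allocation: the buffer is `malloc(data->org_count)` bytes, while the copy writes `count` bytes at `mdata->offset - data->offset`. If `data->offset` can differ from `data->org_offset`, or the per-call ranges are still derived from a count narrowed to count3 while `data->org_count` (second hunk) now keeps the full caller value, a reply could be copied past the end of the buffer. Neither the field types nor the request-splitting code is shown here, so this needs confirming. I would add a guard before the copy, `if (mdata->offset - data->offset + count > data->org_count) goto out;`, with the failure recorded the way the function's other error paths do it. Both functions start and end outside the hunks, including the `out:` label the new OOM path jumps to.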