Linus Torvalds writes:
I was going to point to the s_maxbytes check in rw_verify_area() and
ask you how that ever worked for that file, but it's not there, the
s_maxbytes checks are only in lseek and in do_splice().
So apparently we protect against llseek + read/write, but we don't protect
against pread64/pwrite64 having offset overflows..
That's crazy. Did we always have this gaping hole where we didn't actually check s_maxbytes against read/write, only generic_file_llseek? Apparently.
Linus
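To make the gap concrete, here is an added user-space model (not kernel code; struct and function names are borrowed from the VFS only for readability, and the whole thing is a hypothetical simplification) showing why an s_maxbytes check that lives only in llseek does not cover pread64/pwrite64, and what a check on the common read/write path looks like when it refuses to compute a wrapping pos + count:

```c
#include <stdint.h>
#include <errno.h>
#include <stdio.h>

/* Toy model of the two entry points discussed in the mail.
 * A "file" carries its superblock's s_maxbytes limit and a position. */
struct model_file {
    int64_t s_maxbytes;   /* superblock limit on file offsets */
    int64_t f_pos;        /* position used by plain read()/write() */
};

/* The check that belongs on the common read/write path: returns the
 * number of bytes the request may touch, or a negative errno.
 * It never evaluates pos + count directly, so a huge count cannot wrap. */
int64_t model_rw_verify_area(int64_t pos, int64_t count, int64_t s_maxbytes)
{
    if (pos < 0 || count < 0)
        return -EINVAL;
    if (pos > s_maxbytes)
        return -EOVERFLOW;              /* start is already past the limit */
    if (count > INT64_MAX - pos)
        return -EOVERFLOW;              /* pos + count would wrap */
    int64_t room = s_maxbytes - pos;
    return count < room ? count : room; /* clamp to what fits */
}

/* llseek path: this is where the limit was already enforced. */
int64_t model_llseek(struct model_file *f, int64_t off)
{
    if (off < 0 || off > f->s_maxbytes)
        return -EINVAL;
    f->f_pos = off;
    return off;
}

/* pread64/pwrite64 path: the caller supplies the offset directly and
 * bypasses llseek, so only a check on the common path protects it. */
int64_t model_pread(struct model_file *f, int64_t pos, int64_t count)
{
    return model_rw_verify_area(pos, count, f->s_maxbytes);
}

int main(void)
{
    struct model_file f = { .s_maxbytes = (1LL << 41), .f_pos = 0 };
    printf("llseek past limit: %lld\n", (long long)model_llseek(&f, 1LL << 62));
    printf("pread past limit:  %lld\n", (long long)model_pread(&f, 1LL << 62, 4096));
    printf("pread near limit:  %lld\n", (long long)model_pread(&f, f.s_maxbytes - 100, 4096));
    return 0;
}
```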