]> granicus.if.org Git - zfs/commitdiff
projects / zfs / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b815ec3)
Fix uioskip crash when skip to end
authorChunwei Chen <tuxoko@gmail.com>
Tue, 29 Sep 2015 07:02:31 +0000 (00:02 -0700)
committerBrian Behlendorf <behlendorf1@llnl.gov>
Tue, 29 Sep 2015 17:06:58 +0000 (10:06 -0700)
When doing uioskip to skip an iovec to the very end, the current loop
condition will falsely check pass the end of iovec. We fix this checking
uio_iovcnt first.

Signed-off-by: Chunwei Chen <tuxoko@gmail.com>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #3806
Closes #3850

module/zcommon/zfs_uio.c patch | blob | history

diff --git a/module/zcommon/zfs_uio.c b/module/zcommon/zfs_uio.c
index 6037fed8015154591d52723f8960bd1c78cfede9..f78db68e4ea640eafce35504b783b62f622855b9 100644 (file)
--- a/module/zcommon/zfs_uio.c
+++ b/module/zcommon/zfs_uio.c
@@ -236,13 +236,15 @@ uioskip(uio_t *uiop, size_t n)
 
        uiop->uio_skip += n;
        if (uiop->uio_segflg != UIO_BVEC) {
-               while (uiop->uio_skip >= uiop->uio_iov->iov_len) {
+               while (uiop->uio_iovcnt &&
+                   uiop->uio_skip >= uiop->uio_iov->iov_len) {
                        uiop->uio_skip -= uiop->uio_iov->iov_len;
                        uiop->uio_iov++;
                        uiop->uio_iovcnt--;
                }
        } else {
-               while (uiop->uio_skip >= uiop->uio_bvec->bv_len) {
+               while (uiop->uio_iovcnt &&
+                   uiop->uio_skip >= uiop->uio_bvec->bv_len) {
                        uiop->uio_skip -= uiop->uio_bvec->bv_len;
                        uiop->uio_bvec++;
                        uiop->uio_iovcnt--;
Unnamed repository; edit this file 'description' to name the repository.