From 21d99ce0cfefc82039f9bd45bd9d12eb47966992 Mon Sep 17 00:00:00 2001
From: Samuel Thibault
Date: Mon, 16 Aug 2021 22:22:16 +0200
Subject: libstore: Detect device-based access overflow

recnum_t is 32bit while offsets are 64bit. We need to detect the otherwise-silent truncation of the address. This happens here at 2TiB for 512-byte sectors.

* libstore/device.c (dev_read, dev_write): Return EOVERFLOW on addresses that are larger than what the device interface can handle.
---
 libstore/device.c | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

(limited to 'libstore/device.c')

diff --git a/libstore/device.c b/libstore/device.c
index 0d4ca477..098506a0 100644
--- a/libstore/device.c
+++ b/libstore/device.c
@@ -52,7 +52,12 @@ dev_read (struct store *store,
 store_offset_t addr, size_t index, mach_msg_type_number_t amount,
 void **buf, mach_msg_type_number_t *len)
 {
- return dev_error (device_read (store->port, 0, addr, amount,
+ recnum_t recnum = addr;
+
+ if (recnum != addr)
+ return EOVERFLOW;
+
+ return dev_error (device_read (store->port, 0, recnum, amount,
 (io_buf_ptr_t *)buf, len));
 }
 
@@ -62,10 +67,17 @@ dev_write (struct store *store,
 const void *buf, mach_msg_type_number_t len,
 mach_msg_type_number_t *amount)
 {
- error_t err = dev_error (device_write (store->port, 0, addr,
+ recnum_t recnum = addr;
+ error_t err;
+ int amount_r;
+
+ if (recnum != addr)
+ return EOVERFLOW;
+
+ err = dev_error (device_write (store->port, 0, addr,
 (io_buf_ptr_t)buf, len,
- (int *) amount));
- *amount = *(int *) amount; /* stupid device.defs uses int */
+ &amount_r));
+ *amount = amount_r;
 return err;
 }
 
--
cgit v1.2.3
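Review bot: The guard in dev_read validates only the starting record: `recnum != addr` rejects a truncated `addr`, but nothing in the hunk bounds the end of the transfer, so a read that starts just below the recnum_t limit and spans several records may still extend past what the interface can address. Whether the device side rejects that case cannot be seen from here, so it is worth confirming or checking explicitly. The narrowing round-trip is also easy to misread as a no-op, so I would put `/* recnum_t is narrower than store_offset_t; refuse addresses the device RPC would silently truncate. */` above the `if`. dev_read's definition starts outside the hunk.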
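Review bot: `amount_r` is never initialised in dev_write, yet `*amount = amount_r;` runs unconditionally, so if device_write fails before storing a count (likely for an RPC error, though the stub is not visible here) the caller receives an indeterminate value. Declaring it as `int amount_r = 0;`, or assigning `*amount` only when `err` is zero, closes that. The call also still passes `addr` rather than the checked `recnum`, unlike dev_read; writing `device_write (store->port, 0, recnum,` would keep the narrowing explicit in one place. dev_write's definition starts outside the hunk.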