Re: gunzip store trouble identified
From: Roland McGrath
Subject: Re: gunzip store trouble identified
Date: Mon, 11 Mar 2002 18:09:16 -0500 (EST)
> Because the size of the first run is smaller than that, store_read tries
> to read from multiple stores.
You mean multiple runs.
> Because in this case store_next_run is called, and store_next_run wraps
> around, this will succeed.
That should not happen. It should not be wrapping around at all for most
stores. I suspect that what's needed is an end-of-store check in
store_next_run, or perhaps better yet in store_read/store_write. This is
another case where the code was written to assume no calls off the end of
the store. For store_write, it should just have a check for trying to
write past the end of the store and return EINVAL or EIO or something at
the start. For store_read, it should cap the addr+amount to the store
size when it's known.
> Now, store_read returns 256kb, and that wretches things in zread badly.
Even with store_read fixed, it looks to me that zread has a bug.
store_read may return a shorter length in NEW_IN_BUF_LEN without changing
NEW_IN_BUF. In that case, the code now will ignore NEW_IN_BUF_LEN and
think the whole buffer has data. It needs to notice the value returned,
but also keep track of the whole buffer size so it munmap's all the pages.
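As an added illustration of the end-of-store checks sketched above (this is a constructed toy model, not code from the Hurd's libstore or from this thread): the read side caps addr+amount at the store size and reports the shorter length, the write side refuses up front with EINVAL, and the demo helper keeps the buffer size separate from the returned length the way zread needs to. The toy_store names and demo helpers are assumptions.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>
/* Constructed toy model of a store with a known size (not libstore's API). */
struct toy_store { unsigned char *data; size_t size; };

/* Read AMOUNT bytes at ADDR into BUF.  The request is capped at the end of
 * the store; *LEN gets the bytes actually copied, which may be shorter than
 * AMOUNT, so the caller must use it rather than assume BUF is full.
 * EINVAL only when ADDR itself is already past the end. */
int toy_store_read(const struct toy_store *s, size_t addr, size_t amount,
                   unsigned char *buf, size_t *len)
{
    if (addr > s->size)
        return EINVAL;
    if (amount > s->size - addr)   /* cap; this form cannot overflow */
        amount = s->size - addr;
    memcpy(buf, s->data + addr, amount);
    *len = amount;
    return 0;
}

/* Write checks up front and refuses anything that would go past the end. */
int toy_store_write(struct toy_store *s, size_t addr,
                    const unsigned char *buf, size_t amount)
{
    if (addr > s->size || amount > s->size - addr)
        return EINVAL;
    memcpy(s->data + addr, buf, amount);
    return 0;
}

/* Demo helpers over a constructed 16-byte store; (size_t)-1 signals error. */
static unsigned char backing[16];
size_t demo_read_len(size_t addr, size_t amount)
{
    struct toy_store s = { backing, sizeof backing };
    unsigned char buf[64];           /* like zread's input buffer: its own size */
    size_t len = 0;
    if (amount > sizeof buf || toy_store_read(&s, addr, amount, buf, &len))
        return (size_t)-1;
    return len;                      /* <= sizeof buf; buffer size stays separate */
}

int demo_write_err(size_t addr, size_t amount)
{
    struct toy_store s = { backing, sizeof backing };
    unsigned char src[64] = { 0 };
    return amount > sizeof src ? EINVAL : toy_store_write(&s, addr, src, amount);
}
```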