yaffs direct: Modify lseek value checking

[yaffs2.git] / direct / yaffsfs.c

diff --git a/direct/yaffsfs.c b/direct/yaffsfs.c
index 8a0d66cfef80736a7b808e25b1ee2bfe4dc6d467..f32808d758829d4893a175f753a7a6fd01ea727f 100644 (file)
--- a/direct/yaffsfs.c
+++ b/direct/yaffsfs.c
@@ -211,8 +211,10 @@ static void yaffsfs_PutInode(int inodeId)
        if(inodeId >= 0 && inodeId < YAFFSFS_N_HANDLES){
                yaffsfs_Inode *in = & yaffsfs_inode[inodeId];
                in->count--;
-               if(in->count <= 0)
+               if(in->count <= 0){
                        yaffsfs_ReleaseInode(in);
+                       in->count = 0;
+               }
        }       
 }
 
@@ -277,15 +279,19 @@ static int yaffsfs_PutHandle(int handle)
        return 0;
 }
 
-static void yaffsfs_PutDeviceHandles(struct yaffs_dev *dev)
+static void yaffsfs_BreakDeviceHandles(struct yaffs_dev *dev)
 {
-       yaffsfs_Handle *yh;
+       yaffsfs_Handle *h;
+       struct yaffs_obj *obj;
        int i;
        for(i = 0; i < YAFFSFS_N_HANDLES; i++){
-               yh = & yaffsfs_handle[i];
-               if(yh->useCount>0 && 
-                       yaffsfs_inode[yh->inodeId].iObj->my_dev == dev)
-                       yaffsfs_PutHandle(i);
+               h = yaffsfs_GetHandlePointer(i);
+               obj = yaffsfs_GetHandleObject(i);
+               if(h && h->useCount>0 && obj && obj->my_dev == dev){
+                       h->useCount = 0;
+                       yaffsfs_PutInode(h->inodeId);
+                       h->inodeId = -1;
+               }
        }
 }
 
@@ -881,6 +887,7 @@ int yaffsfs_do_read(int fd, void *vbuf, unsigned int nbyte, int isPread, int off
        struct yaffs_obj *obj = NULL;
        int pos = 0;
        int startPos = 0;
+       int endPos = 0;
        int nRead = 0;
        int nToRead = 0;
        int totalRead = 0;
@@ -921,6 +928,15 @@ int yaffsfs_do_read(int fd, void *vbuf, unsigned int nbyte, int isPread, int off
 
                yaffsfs_GetHandle(fd);
 
+               endPos = pos + nbyte;
+
+               if(pos < 0 || pos > YAFFS_MAX_FILE_SIZE ||
+                       nbyte > YAFFS_MAX_FILE_SIZE ||
+                       endPos < 0 || endPos > YAFFS_MAX_FILE_SIZE){
+                       totalRead = -1;
+                       nbyte = 0;
+               }
+
                while(nbyte > 0) {
                        nToRead = YAFFSFS_RW_SIZE - (pos & (YAFFSFS_RW_SIZE -1));
                        if(nToRead > nbyte)
@@ -960,9 +976,8 @@ int yaffsfs_do_read(int fd, void *vbuf, unsigned int nbyte, int isPread, int off
                if(!isPread) {
                        if(totalRead >= 0)
                                h->position = startPos + totalRead;
-                       else {
-                                       /* todo error */
-                       }
+                       else
+                               yaffsfs_SetError(-EINVAL);
                }
 
        }
@@ -989,6 +1004,7 @@ int yaffsfs_do_write(int fd, const void *vbuf, unsigned int nbyte, int isPwrite,
        struct yaffs_obj *obj = NULL;
        int pos = 0;
        int startPos = 0;
+       int endPos;
        int nWritten = 0;
        int totalWritten = 0;
        int write_trhrough = 0;
@@ -1016,6 +1032,15 @@ int yaffsfs_do_write(int fd, const void *vbuf, unsigned int nbyte, int isPwrite,
 
                yaffsfs_GetHandle(fd);
                pos = startPos;
+               endPos = pos + nbyte;
+
+               if(pos < 0 || pos > YAFFS_MAX_FILE_SIZE ||
+                       nbyte > YAFFS_MAX_FILE_SIZE ||
+                       endPos < 0 || endPos > YAFFS_MAX_FILE_SIZE){
+                       totalWritten = -1;
+                       nbyte = 0;
+               }
+
                while(nbyte > 0) {
 
                        nToWrite = YAFFSFS_RW_SIZE - (pos & (YAFFSFS_RW_SIZE -1));
@@ -1059,9 +1084,8 @@ int yaffsfs_do_write(int fd, const void *vbuf, unsigned int nbyte, int isPwrite,
                if(!isPwrite){
                        if(totalWritten > 0)
                                h->position = startPos + totalWritten;
-                       else {
-                               /* todo error */
-                       }
+                       else
+                               yaffsfs_SetError(-EINVAL);
                }
        }
 
@@ -1168,10 +1192,12 @@ off_t yaffs_lseek(int fd, off_t offset, int whence)
                                pos = fSize + offset;
                } 
 
-               if(pos >= 0)
+               if(pos >= 0 && pos <= YAFFS_MAX_FILE_SIZE)
                        h->position = pos;
-               else
+               else{
                        yaffsfs_SetError(-EINVAL);
+                       pos = -1;
+               }
        }
 
        yaffsfs_Unlock();
@@ -2154,7 +2180,7 @@ int yaffs_unmount2(const YCHAR *path, int force)
 
                        if(!inUse || force){
                                if(inUse)
-                                       yaffsfs_PutDeviceHandles(dev);
+                                       yaffsfs_BreakDeviceHandles(dev);
                                yaffs_deinitialise(dev);
 
                                retVal = 0;