do_splice_to(): cap the size before passing to ->splice_read()

author Al Viro <viro@zeniv.linux.org.uk>

Sat, 2 Apr 2016 18:56:58 +0000 (14:56 -0400)

committer Al Viro <viro@zeniv.linux.org.uk>

Sun, 3 Apr 2016 23:52:59 +0000 (19:52 -0400)
author Al Viro <viro@zeniv.linux.org.uk>
Sat, 2 Apr 2016 18:56:58 +0000 (14:56 -0400)
committer Al Viro <viro@zeniv.linux.org.uk>
Sun, 3 Apr 2016 23:52:59 +0000 (19:52 -0400)
diff --git a/fs/splice.c b/fs/splice.c

index 9947b5c..a6b87b7 100644 (file)
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -1143,6 +1143,9 @@ static long do_splice_to(struct file *in, loff_t *ppos,
         if (unlikely(ret < 0))
                 return ret;
  
+       if (unlikely(len > MAX_RW_COUNT))
+               len = MAX_RW_COUNT;
+
         if (in->f_op->splice_read)
                 splice_read = in->f_op->splice_read;
         else
author	Al Viro <viro@zeniv.linux.org.uk>
	Sat, 2 Apr 2016 18:56:58 +0000 (14:56 -0400)
committer	Al Viro <viro@zeniv.linux.org.uk>
	Sun, 3 Apr 2016 23:52:59 +0000 (19:52 -0400)