iovec: make sure the caller actually wants anything in memcpy_fromiovecend
authorSasha Levin <sasha.levin@oracle.com>
Fri, 1 Aug 2014 03:00:35 +0000 (23:00 -0400)
committerDavid S. Miller <davem@davemloft.net>
Sat, 2 Aug 2014 22:25:21 +0000 (15:25 -0700)
Check for cases when the caller requests 0 bytes instead of running off
and dereferencing potentially invalid iovecs.

Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
lib/iovec.c

index 7a7c2da4cddf47ce92e617a19b6079a16eb16af8..df3abd1eaa4a52da47f806ffa7f4d93867366637 100644 (file)
@@ -85,6 +85,10 @@ EXPORT_SYMBOL(memcpy_toiovecend);
 int memcpy_fromiovecend(unsigned char *kdata, const struct iovec *iov,
                        int offset, int len)
 {
+       /* No data? Done! */
+       if (len == 0)
+               return 0;
+
        /* Skip over the finished iovecs */
        while (offset >= iov->iov_len) {
                offset -= iov->iov_len;