From 0be42c8833b2c1ecb5a6df225d57c5d2aafcd209 Mon Sep 17 00:00:00 2001 From: Ronnie Sahlberg Date: Sun, 12 Jun 2011 10:44:31 +1000 Subject: [PATCH] If an application specifies zero-copy read-buffers to read the data into for a read10 call, the application might have specified too few buffers for the full I/O. For example if the application tries to read just 512 bytes off a MMC device. In this case we would run out of buffers and fail with a SEGV. Instead of failing like this, return NULL from the function to locate a suitable buffer and read the remaining data from the command into the callback buffer instead, just like when no read-buffer at all has been specified. --- lib/scsi-lowlevel.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/lib/scsi-lowlevel.c b/lib/scsi-lowlevel.c index 18fe17a..c9460f4 100644 --- a/lib/scsi-lowlevel.c +++ b/lib/scsi-lowlevel.c @@ -1107,8 +1107,14 @@ scsi_task_get_data_in_buffer(struct scsi_task *task, uint32_t pos, ssize_t *coun } while (pos >= sdb->len) { - pos -= sdb->len; - sdb = sdb->next; + pos -= sdb->len; + sdb = sdb->next; + if (sdb == NULL) { + /* someone issued a read but did not provide enough user buffers for all the data. + * maybe someone tried to read just 512 bytes off a MMC device? + */ + return NULL; + } } if (count && *count > sdb->len - pos) {
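Review bot: The new `if (sdb == NULL)` branch inside the `while (pos >= sdb->len)` loop returns NULL without touching `*count`, and per the commit message that NULL is the same value returned when no read buffer was supplied at all, so a caller cannot tell that the application's buffers ran out partway through the transfer and the tail of the data silently lands in the callback buffer. Please state this contract in the function's comment (NULL means "fall back to the callback buffer", `*count` is left unmodified) and confirm that every caller checks the return value before using it, since a missed check just moves the NULL dereference elsewhere. The in-code comment would also read better as a statement of that contract than as a guess ("maybe someone tried to read just 512 bytes off a MMC device?"). Finally, the `pos -= sdb->len;` and `sdb = sdb->next;` lines are removed and re-added with no visible textual change, which looks like a whitespace-only edit; keeping that out of a crash fix makes the functional change easier to audit and backport.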