Fix uioskip crash when skip to end

When doing uioskip to skip an iovec to the very end, the current loop
condition will falsely check pass the end of iovec. We fix this checking
uio_iovcnt first.

Signed-off-by: Chunwei Chen <tuxoko@gmail.com>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #3806
Closes #3850
This commit is contained in:
Chunwei Chen 2015-09-29 00:02:31 -07:00 committed by Brian Behlendorf
parent b815ec32b3
commit 45838e3a41

View File

@ -236,13 +236,15 @@ uioskip(uio_t *uiop, size_t n)
uiop->uio_skip += n; uiop->uio_skip += n;
if (uiop->uio_segflg != UIO_BVEC) { if (uiop->uio_segflg != UIO_BVEC) {
while (uiop->uio_skip >= uiop->uio_iov->iov_len) { while (uiop->uio_iovcnt &&
uiop->uio_skip >= uiop->uio_iov->iov_len) {
uiop->uio_skip -= uiop->uio_iov->iov_len; uiop->uio_skip -= uiop->uio_iov->iov_len;
uiop->uio_iov++; uiop->uio_iov++;
uiop->uio_iovcnt--; uiop->uio_iovcnt--;
} }
} else { } else {
while (uiop->uio_skip >= uiop->uio_bvec->bv_len) { while (uiop->uio_iovcnt &&
uiop->uio_skip >= uiop->uio_bvec->bv_len) {
uiop->uio_skip -= uiop->uio_bvec->bv_len; uiop->uio_skip -= uiop->uio_bvec->bv_len;
uiop->uio_bvec++; uiop->uio_bvec++;
uiop->uio_iovcnt--; uiop->uio_iovcnt--;