os/vfs.h: don't truncate File_content

The 'File_content' utility throws an exception whenever a file happens to get truncated during the reading process. But it silently truncates the data against the specified limit. In practice, exceeding the limit is usually an error case. This patch enhances the 'File_content' utility by throwing 'Truncated_during_read' in the limit-exceeded case as well, in order to ease the diagnosis of such cases. Issue #4788
2025-01-18 18:56:29 +00:00 · 2023-03-15 15:33:07 +01:00 · 2023-03-15 15:33:07 +01:00 · fd7001d020
commit fd7001d020
parent 40333a8ee2
1 changed files with 13 additions and 3 deletions
--- a/repos/os/include/os/vfs.h
+++ b/repos/os/include/os/vfs.h
@ -574,6 +574,10 @@ void Genode::with_xml_file_content(Readonly_file const &file,

 class Genode::File_content
 {
+	public:
+
+		struct Limit { size_t value; };
+
 	private:

 		class Buffer
@ -597,6 +601,14 @@ class Genode::File_content

 		} _buffer;

+		static size_t _checked_file_size(Vfs::file_size file_size, Limit limit)
+		{
+			if (file_size <= limit.value)
+				return size_t(file_size);
+
+			throw Truncated_during_read();
+		}
+
 	public:

 		typedef Directory::Nonexistent_file Nonexistent_file;
@ -604,8 +616,6 @@ class Genode::File_content

 		typedef Directory::Path Path;

-		struct Limit { size_t value; };
-
 		/**
 		 * Constructor
 		 *
@ -616,7 +626,7 @@ class Genode::File_content
 		File_content(Allocator &alloc, Directory const &dir, Path const &rel_path,
 		             Limit limit)
 		:
-			_buffer(alloc, min((size_t)dir.file_size(rel_path), limit.value))
+			_buffer(alloc, _checked_file_size(dir.file_size(rel_path), limit))
 		{
 			/* read the file content into the buffer */
 			with_raw_file_content(Readonly_file(dir, rel_path),