From fd7001d020879d39b07822bd3a7af48725a2daff Mon Sep 17 00:00:00 2001 From: Norman Feske Date: Wed, 15 Mar 2023 15:33:07 +0100 Subject: [PATCH] os/vfs.h: don't truncate File_content The 'File_content' utility throws an exception whenever a file happens to get truncated during the reading process. But it silently truncates the data against the specified limit. In practice, exceeding the limit is usually an error case. This patch enhances the 'File_content' utility by throwing 'Truncated_during_read' in the limit-exceeded case as well, in order to ease the diagnosis of such cases. Issue #4788 --- repos/os/include/os/vfs.h | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/repos/os/include/os/vfs.h b/repos/os/include/os/vfs.h index 544655b2f2..a5a4ab8ea6 100644 --- a/repos/os/include/os/vfs.h +++ b/repos/os/include/os/vfs.h @@ -574,6 +574,10 @@ void Genode::with_xml_file_content(Readonly_file const &file, class Genode::File_content { + public: + + struct Limit { size_t value; }; + private: class Buffer @@ -597,6 +601,14 @@ class Genode::File_content } _buffer; + static size_t _checked_file_size(Vfs::file_size file_size, Limit limit) + { + if (file_size <= limit.value) + return size_t(file_size); + + throw Truncated_during_read(); + } + public: typedef Directory::Nonexistent_file Nonexistent_file; @@ -604,8 +616,6 @@ class Genode::File_content typedef Directory::Path Path; - struct Limit { size_t value; }; - /** * Constructor * @@ -616,7 +626,7 @@ class Genode::File_content File_content(Allocator &alloc, Directory const &dir, Path const &rel_path, Limit limit) : - _buffer(alloc, min((size_t)dir.file_size(rel_path), limit.value)) + _buffer(alloc, _checked_file_size(dir.file_size(rel_path), limit)) { /* read the file content into the buffer */ with_raw_file_content(Readonly_file(dir, rel_path),
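Review bot: In `_checked_file_size` the over-limit case is signalled with `Truncated_during_read`, the same exception the commit message describes for a file that gets truncated while it is being read, so a handler cannot tell "file is larger than the caller's `Limit`" from "file changed underneath the reader". Code that reacts to `Truncated_during_read` by re-reading would presumably retry indefinitely on a file that is simply too large. A dedicated exception type, or at least an error message naming the limit before the throw, would keep the two conditions apart. The helper also carries no comment; `/* return 'file_size' as size_t, throw if it exceeds 'limit' (never clamps) */` would record that the comparison is made on the `Vfs::file_size` value before it is narrowed.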
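Review bot: The initialiser `_buffer(alloc, _checked_file_size(dir.file_size(rel_path), limit))` validates a size that is sampled before `with_raw_file_content` reads the file, so the limit check and the read are two separate steps. If another party can grow or replace the file in between, the handling of the surplus bytes depends on the read path, which lies outside this hunk; it is worth confirming that this case is reported rather than read only up to the buffer size. Callers that passed a `Limit` expecting a clamped prefix now receive an exception, so a call site that reads externally supplied files without a matching `catch` would turn an oversized file into a fault of the whole component. The constructor's `\throw` list is not visible here; if it does not say so yet, add `\throw Truncated_during_read  file size exceeds 'limit' or file shrank while reading`. The constructor body continues past the end of the hunk.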