On 1/13/26 2:05 PM, Sascha Hauer wrote:
> On Mon, Jan 12, 2026 at 09:56:05AM +0100, Ahmad Fatoum wrote:
>> md -s /dev/mmappable.device will read out-of-bounds if the byte count to
>> read exceeds the device size.
>>
>> Limit the size read from the memmap to fix this.
>>
>> Signed-off-by: Ahmad Fatoum <[email protected]>
>> ---
>> commands/md.c | 4 ++++
>> common/ratp/md.c | 4 ++++
>> 2 files changed, 8 insertions(+)
>>
>> diff --git a/commands/md.c b/commands/md.c
>> index f3758f571fb2..401538d4d8be 100644
>> --- a/commands/md.c
>> +++ b/commands/md.c
>> @@ -25,6 +25,7 @@ static int do_mem_md(int argc, char *argv[])
>> loff_t start = 0, size = 0x100;
>> int r, now;
>> int ret = 0;
>> + struct stat st;
>> int fd;
>> char *filename = "/dev/mem";
>> int mode = O_RWSIZE_4;
>> @@ -54,6 +55,9 @@ static int do_mem_md(int argc, char *argv[])
>> return 1;
>> }
>>
>> + if (!fstat(fd, &st) && st.st_size != FILE_SIZE_STREAM)
>> + size = min(size, st.st_size);
>
> This should take start into account.
I will resend a v2 of this one patch. Feel free to pick the others if
you are ok with them.
>
> Sascha
>
