From e65f5213637e71f6f88763ce177fd23c65e1033d Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Mon, 27 Sep 2010 10:51:38 +0100
Subject: [PATCH] pread: Check count and offset parameters are not negative.

---
 daemon/file.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/daemon/file.c b/daemon/file.c
index 9403100..5bc5f41 100644
--- a/daemon/file.c
+++ b/daemon/file.c
@@ -415,6 +415,16 @@ do_pread (const char *path, int count, int64_t offset, size_t *size_r)
   ssize_t r;
   char *buf;
 
+  if (count < 0) {
+    reply_with_error ("count is negative");
+    return NULL;
+  }
+
+  if (offset < 0) {
+    reply_with_error ("offset is negative");
+    return NULL;
+  }
+
   /* The actual limit on messages is smaller than this.  This check
    * just limits the amount of memory we'll try and allocate in the
    * function.  If the message is larger than the real limit, that
-- 
1.8.3.1