readX. Fix from Dmitry Shatrov <dhsatrov@linux.vnet.ibm.com>.
"In send_file_readX(), if startpos > sbuf.st_size, then smb_maxcnt is set
to an invalid large value due to integer overflow.
As for me, this resulted in MS Word hanging while trying to save
a 1.5Mb document."
This isn't in shipping code.
Jeremy.
(This used to be commit
af715c602a8ef6038e6272c7cc6a08501617ae67)
if (startpos > sbuf.st_size) {
smb_maxcnt = 0;
- }
-
- if (smb_maxcnt > (sbuf.st_size - startpos)) {
+ } else if (smb_maxcnt > (sbuf.st_size - startpos)) {
smb_maxcnt = (sbuf.st_size - startpos);
}