From c73195eff326447d91f7b1cbda94ac2ce00213a1 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl@samba.org>
Date: Fri, 8 Dec 2017 14:07:06 +0100
Subject: [PATCH] vfs_aio_fork: Fix vfs_aio_pread

Copy the data that the child read into the caller's buffer. This can't
have been used in half a decade at least...

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
---
 source3/modules/vfs_aio_fork.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/source3/modules/vfs_aio_fork.c b/source3/modules/vfs_aio_fork.c
index 3eaa26774f5..1538ed9cf46 100644
--- a/source3/modules/vfs_aio_fork.c
+++ b/source3/modules/vfs_aio_fork.c
@@ -534,6 +534,8 @@ static int get_idle_child(struct vfs_handle_struct *handle,
 
 struct aio_fork_pread_state {
 	struct aio_child *child;
+	size_t n;
+	void *data;
 	ssize_t ret;
 	struct vfs_aio_state vfs_aio_state;
 };
@@ -562,6 +564,8 @@ static struct tevent_req *aio_fork_pread_send(struct vfs_handle_struct *handle,
 	if (req == NULL) {
 		return NULL;
 	}
+	state->n = n;
+	state->data = data;
 
 	if (n > 128*1024) {
 		/* TODO: support variable buffers */
@@ -629,12 +633,20 @@ static void aio_fork_pread_done(struct tevent_req *subreq)
 		return;
 	}
 
-	state->child->busy = false;
-
 	retbuf = (struct rw_ret *)buf;
 	state->ret = retbuf->size;
 	state->vfs_aio_state.error = retbuf->ret_errno;
 	state->vfs_aio_state.duration = retbuf->duration;
+
+	if ((size_t)state->ret > state->n) {
+		tevent_req_error(req, EIO);
+		state->child->busy = false;
+		return;
+	}
+	memcpy(state->data, state->child->map->ptr, state->ret);
+
+	state->child->busy = false;
+
 	tevent_req_done(req);
 }
 
-- 
2.25.1