From: Piotr Kosko/Native/Web API (PLT) /SRPOL/Engineer/Samsung Electronics <p.kosko@samsung.com>
Date: Mon, 10 Feb 2020 12:22:35 +0000 (+0100)
Subject: [Filesystem] Fixing SVACE issue 423267
X-Git-Tag: accepted/tizen/unified/20200213.121556^2
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=8b5cff6c0a2ed9b92b8172fb0ecdfb99f40db9f6;p=platform%2Fcore%2Fapi%2Fwebapi-plugins.git

[Filesystem] Fixing SVACE issue 423267

Preventing integer overflow during subtraction.

Change-Id: I5ea92045a0b3b12641cba8c05de914f71997dae9
---

diff --git a/src/filesystem/filesystem_instance.cc b/src/filesystem/filesystem_instance.cc
index ffea27a..0e71a14 100644
--- a/src/filesystem/filesystem_instance.cc
+++ b/src/filesystem/filesystem_instance.cc
@@ -335,13 +335,15 @@ static std::vector<std::uint8_t> read_file(std::string path, long offset = 0,
     }
   };
 
-  if (0 != offset && 0 != std::fseek(file, offset, SEEK_SET)) {
+  auto size = file_size(file);
+  if (offset < 0 || size <= (size_t)offset ||
+      (0 != offset && 0 != std::fseek(file, offset, SEEK_SET))) {
     std::string err_msg = std::string("Cannot perform seek. ") + GetErrorString(errno);
     throw std::system_error{errno, std::generic_category(), err_msg};
   }
 
   if (NPOS == length) {
-    length = file_size(file) - offset;
+    length = size - offset;
   }
 
   return read_file(file, length);