pool/gvfs
SHA256
3
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
b92b5d8eb8
gvfs/gvfs-mtp-handle-read-past-eof.patch
Dominique Leuenberger 4370ea0b21 Accepting request 543980 from home:mgorse:branches:GNOME:Factory 
- Add gvfs-mtp-handle-read-past-eof.patch: fix hang when
  transferring on some Android devices (boo#1069030 bgo#784477).

OBS-URL: https://build.opensuse.org/request/show/543980
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/gvfs?expand=0&rev=291
2017-11-21 15:31:34 +00:00

63 lines
2.2 KiB
Diff
Raw Blame History

From 091ac25d59d0dc0f5fed17510b0593bcd86e9fc9 Mon Sep 17 00:00:00 2001
From: Philip Langdale <philipl@overt.org>
Date: Fri, 10 Nov 2017 07:59:42 -0800
Subject: mtp: Handle read-past-EOF in GetPartialObject(64)
ourselves
Up until very recently, the Android MTP driver did not do bounds checking
on reads past EOF, leading to undefined behaviour, which includes
hanging the transfer on some devices.
According to Google engineers, this is fixed in the kernels used by
the Pixel and Pixel 2 (and this has been verified in testing), but
that basically means that every other Android device in existence has
this bug, and is unlikely to ever be fixed.
So, we need to enforce POSIX semantics ourselves and truncate reads
past EOF. libmtp has implemented a check, but we should validate as
well so that we have working behaviour without requiring a libmtp
update.
https://bugzilla.gnome.org/show_bug.cgi?id=784477
---
daemon/gvfsbackendmtp.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/daemon/gvfsbackendmtp.c b/daemon/gvfsbackendmtp.c
index 2a418a2a..a606ec2c 100644
--- a/daemon/gvfsbackendmtp.c
+++ b/daemon/gvfsbackendmtp.c
@@ -2444,6 +2444,21 @@ do_read (GVfsBackend *backend,
goto exit;
}
+ /*
+ * Almost all android devices have a bug where they do not enforce
+ * POSIX semantics for read past EOF, leading to undefined
+ * behaviour including device-side hangs. We'd better handle it
+ * here.
+ */
+ if (offset >= handle->size) {
+ g_debug ("(II) skipping read with offset past EOF\n");
+ actual = 0;
+ goto finished;
+ } else if (offset + bytes_requested > handle->size) {
+ g_debug ("(II) reducing bytes_requested to avoid reading past EOF\n");
+ bytes_requested = handle->size - offset;
+ }
+
unsigned char *temp;
int ret = LIBMTP_GetPartialObject (G_VFS_BACKEND_MTP (backend)->device, id, offset,
bytes_requested, &temp, &actual);
@@ -2464,6 +2479,7 @@ do_read (GVfsBackend *backend,
memcpy (buffer, bytes->data + offset, actual);
}
+ finished:
handle->offset = offset + actual;
g_vfs_job_read_set_size (job, actual);
g_vfs_job_succeeded (G_VFS_JOB (job));
--
2.15.0
Reference in New Issue View Git Blame Copy Permalink