disk.c: fix silent sz truncation and explicitly bound disk IO

rizlik · danielinux · commit b0cc295b7189 · 2026-02-27T15:09:36.000+01:00
diff --git a/include/disk.h b/include/disk.h
@@ -25,6 +25,9 @@
 #include <stdint.h>
 #include "gpt.h"
 
+/* cap DISK I/O write operation to a reasonable size */
+#define DISK_IO_MAX_SIZE 0x7FFFFFFFUL
+
 #ifndef MAX_PARTITIONS
 #define MAX_PARTITIONS 16
 #endif
diff --git a/src/disk.c b/src/disk.c
@@ -276,12 +276,15 @@ static struct disk_partition *open_part(int drv, int part)
 int disk_part_read(int drv, int part, uint64_t off, uint64_t sz, uint8_t *buf)
 {
     struct disk_partition *p = open_part(drv, part);
-    int len = sz;
     uint64_t start;
+    int len;
     int ret;
     if (p == NULL) {
         return -1;
     }
+    if (sz > DISK_IO_MAX_SIZE)
+        sz = DISK_IO_MAX_SIZE;
+    len = (int)sz;
     start = p->start + off;
     /* overflow */
     if (start < p->start) {
@@ -325,12 +328,15 @@ int disk_part_read(int drv, int part, uint64_t off, uint64_t sz, uint8_t *buf)
 int disk_part_write(int drv, int part, uint64_t off, uint64_t sz, const uint8_t *buf)
 {
     struct disk_partition *p = open_part(drv, part);
-    int len = sz;
     uint64_t start;
+    int len;
     int ret;
     if (p == NULL) {
         return -1;
     }
+    if (sz > DISK_IO_MAX_SIZE)
+        sz = DISK_IO_MAX_SIZE;
+    len = (int)sz;
     start = p->start + off;
     /* overflow */
     if (start < p->start) {
