From 235f71ba4767d4ab9a3e7706a3f77a7803e82cda Mon Sep 17 00:00:00 2001
From: cinap_lenrek <cinap_lenrek@gmx.de>
Date: Wed, 1 Aug 2012 01:10:24 +0200
Subject: [PATCH] cwfs: fix read offset integer overflow

---
 sys/src/cmd/cwfs/9p1.c | 5 +++--
 sys/src/cmd/cwfs/9p2.c | 4 +++-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/sys/src/cmd/cwfs/9p1.c b/sys/src/cmd/cwfs/9p1.c
index a040009cc..3c8b3af0c 100644
--- a/sys/src/cmd/cwfs/9p1.c
+++ b/sys/src/cmd/cwfs/9p1.c
@@ -911,8 +911,9 @@ f_read(Chan *cp, Fcall *in, Fcall *ou)
 		}
 		goto out;
 	}
-
-	if(offset+count > d->size)
+	if(offset >= d->size)
+		count = 0;
+	else if(offset+count > d->size)
 		count = d->size - offset;
 	while(count > 0) {
 		if(p == 0) {
diff --git a/sys/src/cmd/cwfs/9p2.c b/sys/src/cmd/cwfs/9p2.c
index aeb7d6190..87736ab6e 100644
--- a/sys/src/cmd/cwfs/9p2.c
+++ b/sys/src/cmd/cwfs/9p2.c
@@ -1017,7 +1017,9 @@ fs_read(Chan* chan, Fcall* f, Fcall* r, uchar* data)
 	accessdir(p, d, FREAD, file->uid);
 	if(d->mode & DDIR)
 		goto dread;
-	if(offset+count > d->size)
+	if(offset >= d->size)
+		count = 0;
+	else if(offset+count > d->size)
 		count = d->size - offset;
 	while(count > 0){
 		if(p == nil){