From f52bb48748cf330d8d9a9c6350f53e84e4adaece Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Fri, 27 Mar 1998 02:39:26 +0000
Subject: Fix for client generated core-dump bug where offset to readraw was so
 large that when used with -DUSE_MMAP it caused the unsigned subtraction to
 wrap aound and become positive - thus causing a silly memcpy offset. Thanks
 to "Michael St. Laurent" <rowl@earthlink.net> for giving me the core dump
 that allowed me to track this one down. Jeremy. (This used to be commit
 c9e066037ab222472085c4a0ecc8a39b337ad2aa)

---
 source3/smbd/server.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index 08cf013920..39580d008d 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -2058,7 +2058,8 @@ int read_file(int fnum,char *data,uint32 pos,int n)
 #if USE_MMAP
   if (Files[fnum].mmap_ptr)
     {
-      int num = MIN(n,(int)(Files[fnum].mmap_size-pos));
+      int num = (Files[fnum].mmap_size > pos) ? (Files[fnum].mmap_size - pos) : -1;
+      num = MIN(n,num);
       if (num > 0)
 	{
 	  memcpy(data,Files[fnum].mmap_ptr+pos,num);
-- 
cgit