fix: prevent buffer overflow in ReadAt copy operation

[a4913994]

This prevents potential panics from buffer overflows

[linux-foundation-easycla]

• ✅login: a4913994 / (1242967)

The committers listed above are authorized under a signed CLA.

[athre0z]

Ah, good catch and thanks for the PR!

I played around with the exact conditions to actually trigger a crash. The min logic was supposed to make this safe without an explicit check, but it seems that I forgot to take skipOffset into account here. If the read offset falls into the tail chunk and over-reads it, it currently causes a panic. I think we can simplify the conditions a bit, to just check the skipOffset. We should also return io.EOF instead of a generic error. That's the expected error for when you over-read in a ReaderAt implementation.

Here's the variant that I came up with: zystem-io@c29f3b9

Would that also fix your problem?

[a4913994]

Yes, Simplifying the conditions and returning io.EOF is a better approach. Great job!

[athre0z]

Cool! Created PR with the alternative variant here to spare you the work of mirroring the changes on your branch: #259. Thanks again for catching this! :)

[florianl]

Closing as resolved with the alternative of #259. Thanks @a4913994 for identifying the issue.