From 5a0c1e5563ddb73e6ae66aef6883e0d0aa9a2fc8 Mon Sep 17 00:00:00 2001
From: DEVER Emiel <emiel.dever@psicontrol.com>
Date: Thu, 12 Dec 2024 09:50:58 +0100
Subject: [PATCH] fs: ext2: Fix ext2 read buffer overflow

Keep track of the amount of bytes read so no buffer overflow occurs.

Signed-off-by: DEVER Emiel <emiel.dever@psicontrol.com>
(cherry picked from commit 336c650646581fd74fe22c0db0c6e9a702e95b5b)
---
 subsys/fs/ext2/ext2_impl.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/subsys/fs/ext2/ext2_impl.c b/subsys/fs/ext2/ext2_impl.c
index f9e4d52769900a..201e8cd92cbbcc 100644
--- a/subsys/fs/ext2/ext2_impl.c
+++ b/subsys/fs/ext2/ext2_impl.c
@@ -611,6 +611,7 @@ ssize_t ext2_inode_read(struct ext2_inode *inode, void *buf, uint32_t offset, si
 	int rc = 0;
 	ssize_t read = 0;
 	uint32_t block_size = inode->i_fs->block_size;
+	size_t nbytes_to_read = nbytes;
 
 	while (read < nbytes && offset < inode->i_size) {
 
@@ -624,11 +625,12 @@ ssize_t ext2_inode_read(struct ext2_inode *inode, void *buf, uint32_t offset, si
 
 		uint32_t left_on_blk = block_size - block_off;
 		uint32_t left_in_file = inode->i_size - offset;
-		size_t to_read = MIN(nbytes, MIN(left_on_blk, left_in_file));
+		size_t to_read = MIN(nbytes_to_read, MIN(left_on_blk, left_in_file));
 
 		memcpy((uint8_t *)buf + read, inode_current_block_mem(inode) + block_off, to_read);
 
 		read += to_read;
+		nbytes_to_read -= read;
 		offset += to_read;
 	}