From 70dd54e114ccbef0428169fd287f232c360c4f48 Mon Sep 17 00:00:00 2001
From: Bill Zissimopoulos
Date: Thu, 28 Feb 2019 11:00:47 -0800
Subject: [PATCH] sys: write: FspFsvolWriteCached - double-check that WriteEndOffset is within file bounds

---
 src/sys/write.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/sys/write.c b/src/sys/write.c
index e2bb8f91..85f65944 100644
--- a/src/sys/write.c
+++ b/src/sys/write.c
@@ -219,6 +219,13 @@ static NTSTATUS FspFsvolWriteCached(
         }
     }
 
+    /* double-check that the end offset is <= than the file size and fail if not */
+    if (WriteEndOffset > (UINT64)CcGetFileSizePointer(FileObject)->QuadPart)
+    {
+        FspFileNodeRelease(FileNode, Main);
+        return STATUS_INTERNAL_ERROR;
+    }
+
     /*
      * From this point forward we must jump to the CLEANUP label on failure.
      */
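Review bot: The added comment reads `<= than` and does not say why the check exists, which matters because a reader will otherwise wonder why a cached write can fail with STATUS_INTERNAL_ERROR; suggest `/* double-check that the end offset is <= the file size (expected to hold after the extension above); bail out if not */`. Returning early with `FspFileNodeRelease(FileNode, Main)` instead of jumping to CLEANUP is consistent with the context comment that follows, which only imposes the CLEANUP rule from this point forward, so the unwind looks correct for where the check sits. WriteEndOffset is computed outside the hunk; if it is derived as offset plus length without an overflow check, a wrapped value would be small enough to pass this comparison, so it is worth confirming that the earlier computation rejects wrap-around before relying on this bound. The `(UINT64)` cast of the LONGLONG QuadPart is fine as long as the cached file size is never negative, which is the normal invariant. FspFsvolWriteCached starts and ends outside the hunk.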