logfs: Prevent memory corruption
author Joern Engel <joern@logfs.org>
Sun, 20 Nov 2011 16:59:01 +0000 (22:29 +0530)
committer Prasad Joshi <prasadjoshi.linux@gmail.com>
Sat, 28 Jan 2012 05:54:21 +0000 (11:24 +0530)
This is a bad one.  I wonder whether we were so far protected by
no_free_segments(sb) usually being smaller than LOGFS_NO_AREAS.

Found by Dan Carpenter <dan.carpenter@oracle.com> using smatch.

Signed-off-by: Joern Engel <joern@logfs.org>
Signed-off-by: Prasad Joshi <prasadjoshi.linux@gmail.com>
fs/logfs/gc.c

index caa4419285dcac78e1743a0e2e602eadd57b19bb..d4efb061bdc5d1dd62ecddcb7575cf891e3b792e 100644 (file)
@@ -367,7 +367,7 @@ static struct gc_candidate *get_candidate(struct super_block *sb)
        int i, max_dist;
        struct gc_candidate *cand = NULL, *this;
 
-       max_dist = min(no_free_segments(sb), LOGFS_NO_AREAS);
+       max_dist = min(no_free_segments(sb), LOGFS_NO_AREAS - 1);
 
        for (i = max_dist; i >= 0; i--) {
                this = first_in_list(&super->s_low_list[i]);
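
Review bot: The new upper bound in the max_dist assignment is a bare "LOGFS_NO_AREAS - 1", and nothing in the code says why the subtraction is needed. The loop that follows is inclusive (i starts at max_dist and runs down to 0) and uses i directly as an index into super->s_low_list[], so max_dist has to be the last valid index rather than the element count. Assuming s_low_list is declared with LOGFS_NO_AREAS entries, which this hunk does not show, the change is correct, but consider writing the bound as ARRAY_SIZE(super->s_low_list) - 1 so it follows the array declaration, or at least add a one-line comment noting that max_dist is an index. The commit message would also be easier to act on for backporting if it named the out-of-bounds access to s_low_list[] explicitly.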