From: Alex Elder <elder@inktank.com>
Date: Tue, 3 Jul 2012 21:01:18 +0000 (-0500)
Subject: libceph: fix off-by-one bug in ceph_encode_filepath()
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=c61a1abd215c1ccd6fa73104c79e79987ed3aa98;p=GitHub%2Fexynos8895%2Fandroid_kernel_samsung_universal8895.git

libceph: fix off-by-one bug in ceph_encode_filepath()

There is a BUG_ON() call that doesn't account for the single byte
structure version at the start of an encoded filepath in
ceph_encode_filepath().  Fix that.

Signed-off-by: Alex Elder <elder@inktank.com>
Reviewed-by: Yehuda Sadeh <yehuda@inktank.com>
Reviewed-by: Josh Durgin <josh.durgin@inktank.com>
---

diff --git a/include/linux/ceph/decode.h b/include/linux/ceph/decode.h
index d8615dee5808..bcbd66c84890 100644
--- a/include/linux/ceph/decode.h
+++ b/include/linux/ceph/decode.h
@@ -151,7 +151,7 @@ static inline void ceph_encode_filepath(void **p, void *end,
 					u64 ino, const char *path)
 {
 	u32 len = path ? strlen(path) : 0;
-	BUG_ON(*p + sizeof(ino) + sizeof(len) + len > end);
+	BUG_ON(*p + 1 + sizeof(ino) + sizeof(len) + len > end);
 	ceph_encode_8(p, 1);
 	ceph_encode_64(p, ino);
 	ceph_encode_32(p, len);