From: Prasad Joshi <prasadjoshi.linux@gmail.com>
Date: Sun, 20 Nov 2011 16:59:01 +0000 (+0530)
Subject: logfs: Prevent memory corruption
X-Git-Tag: next-20111121~58^2
X-Git-Url: https://git.karo-electronics.de/?a=commitdiff_plain;h=011a85aca1c0e56b344df6be77401b837e721fd9;p=karo-tx-linux.git

logfs: Prevent memory corruption

This is a bad one.  I wonder whether we were so far protected by
no_free_segments(sb) usually being smaller than LOGFS_NO_AREAS.

Found by Dan Carpenter <dan.carpenter@oracle.com> using smatch.

Signed-off-by: Joern Engel <joern@logfs.org>
Signed-off-by: Prasad Joshi <prasadjoshi.linux@gmail.com>
---

diff --git a/fs/logfs/gc.c b/fs/logfs/gc.c
index caa4419285dc..d4efb061bdc5 100644
--- a/fs/logfs/gc.c
+++ b/fs/logfs/gc.c
@@ -367,7 +367,7 @@ static struct gc_candidate *get_candidate(struct super_block *sb)
 	int i, max_dist;
 	struct gc_candidate *cand = NULL, *this;
 
-	max_dist = min(no_free_segments(sb), LOGFS_NO_AREAS);
+	max_dist = min(no_free_segments(sb), LOGFS_NO_AREAS - 1);
 
 	for (i = max_dist; i >= 0; i--) {
 		this = first_in_list(&super->s_low_list[i]);