Commit 10b078d83674ab0ced812da490f3c6d2261e1b79
1 parent
bc028345ac
Exists in
smarc_8mq_lf_v2020.04
and in
17 other branches
fs: ext4: Fix journal overrun issue reported by Coverity
While &p_jdb[fs->blksz] is a valid expression (it points *one* char sized element past the end of the array, e.g. &p_jdb[fs->blksz + 1] is invalid (according to the C standard (C99/C11)). Changing this to tag = (struct ext3_journal_block_tag *)(p_jdb + ofs); Cc: Stefan Brüns <stefan.bruens@rwth-aachen.de> Suggested-by: Stefan Brüns <stefan.bruens@rwth-aachen.de> Reported-by: Coverity (CID: 165117, 165110) Signed-off-by: Tom Rini <trini@konsulko.com> Reviewed-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
Showing 1 changed file with 2 additions and 2 deletions Side-by-side Diff
fs/ext4/ext4_journal.c
| ... | ... | @@ -355,7 +355,7 @@ |
| 355 | 355 | ofs = sizeof(struct journal_header_t); |
| 356 | 356 | |
| 357 | 357 | do { |
| 358 | - tag = (struct ext3_journal_block_tag *)&p_jdb[ofs]; | |
| 358 | + tag = (struct ext3_journal_block_tag *)(p_jdb + ofs); | |
| 359 | 359 | ofs += sizeof(struct ext3_journal_block_tag); |
| 360 | 360 | |
| 361 | 361 | if (ofs > fs->blksz) |
| ... | ... | @@ -466,7 +466,7 @@ |
| 466 | 466 | ofs = sizeof(struct journal_header_t); |
| 467 | 467 | do { |
| 468 | 468 | tag = (struct ext3_journal_block_tag *) |
| 469 | - &p_jdb[ofs]; | |
| 469 | + (p_jdb + ofs); | |
| 470 | 470 | ofs += sizeof(struct ext3_journal_block_tag); |
| 471 | 471 | if (ofs > fs->blksz) |
| 472 | 472 | break; |