summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJoern Engel <joern@logfs.org>2011-11-20 22:29:01 +0530
committerPrasad Joshi <prasadjoshi.linux@gmail.com>2012-01-28 11:24:21 +0530
commit934eed395d201bf0901ca0c0cc3703b18729d0ce (patch)
tree27847639b14a0fc16b850bd39c0ace939694d8f2
parent96150606e2fb82d242c9e4a414e4e922849f7bf7 (diff)
downloadop-kernel-dev-934eed395d201bf0901ca0c0cc3703b18729d0ce.zip
op-kernel-dev-934eed395d201bf0901ca0c0cc3703b18729d0ce.tar.gz
logfs: Prevent memory corruption
This is a bad one. I wonder whether we were so far protected by no_free_segments(sb) usually being smaller than LOGFS_NO_AREAS. Found by Dan Carpenter <dan.carpenter@oracle.com> using smatch. Signed-off-by: Joern Engel <joern@logfs.org> Signed-off-by: Prasad Joshi <prasadjoshi.linux@gmail.com>
-rw-r--r--fs/logfs/gc.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/logfs/gc.c b/fs/logfs/gc.c
index caa4419..d4efb06 100644
--- a/fs/logfs/gc.c
+++ b/fs/logfs/gc.c
@@ -367,7 +367,7 @@ static struct gc_candidate *get_candidate(struct super_block *sb)
int i, max_dist;
struct gc_candidate *cand = NULL, *this;
- max_dist = min(no_free_segments(sb), LOGFS_NO_AREAS);
+ max_dist = min(no_free_segments(sb), LOGFS_NO_AREAS - 1);
for (i = max_dist; i >= 0; i--) {
this = first_in_list(&super->s_low_list[i]);
OpenPOWER on IntegriCloud