fs: ext4: Fix journal overrun issue reported by Coverity

While &p_jdb[fs->blksz] is a valid expression (it points *one* char sized element past the end of the array, e.g. &p_jdb[fs->blksz + 1] is invalid (according to the C standard (C99/C11)). Changing this to tag = (struct ext3_journal_block_tag *)(p_jdb + ofs); Cc: Stefan Brüns <stefan.bruens@rwth-aachen.de> Suggested-by: N Stefan Brüns <stefan.bruens@rwth-aachen.de> Reported-by: Coverity (CID: 165117, 165110) Signed-off-by: N Tom Rini <trini@konsulko.com> Reviewed-by: N Stefan Brüns <stefan.bruens@rwth-aachen.de>

fs: ext4: Fix journal overrun issue reported by Coverity
While &p_jdb[fs->blksz] is a valid expression (it points *one* char sized element past the end of the array, e.g. &p_jdb[fs->blksz + 1] is invalid (according to the C standard (C99/C11)). Changing this to tag = (struct ext3_journal_block_tag *)(p_jdb + ofs); Cc: Stefan Brüns <stefan.bruens@rwth-aachen.de> Suggested-by: N Stefan Brüns <stefan.bruens@rwth-aachen.de> Reported-by: Coverity (CID: 165117, 165110) Signed-off-by: N Tom Rini <trini@konsulko.com> Reviewed-by: N Stefan Brüns <stefan.bruens@rwth-aachen.de>
10b078d8 · Tom Rini · bc028345 · 10b078d8
隐藏空白更改
内联并排

Showing with 2 addition and 2 deletion

fs/ext4/ext4_journal.c fs/ext4/ext4_journal.c +2 -2

未找到文件。
--- a/fs/ext4/ext4_journal.c
+++ b/fs/ext4/ext4_journal.c
@@ -355,7 +355,7 @@ void recover_transaction(int prev_desc_logical_no)
 	ofs = sizeof(struct journal_header_t);

 	do {
-		tag = (struct ext3_journal_block_tag *)&p_jdb[ofs];
+		tag = (struct ext3_journal_block_tag *)(p_jdb + ofs);
 		ofs += sizeof(struct ext3_journal_block_tag);

 		if (ofs > fs->blksz)
@@ -466,7 +466,7 @@ int ext4fs_check_journal_state(int recovery_flag)
 			ofs = sizeof(struct journal_header_t);
 			do {
 				tag = (struct ext3_journal_block_tag *)
-				    &p_jdb[ofs];
+				    (p_jdb + ofs);
 				ofs += sizeof(struct ext3_journal_block_tag);
 				if (ofs > fs->blksz)
 					break;