fs: ext4: Fix journal overrun issue reported by Coverity
author Tom Rini <trini@konsulko.com>
Mon, 21 Aug 2017 02:30:15 +0000 (22:30 -0400)
committer Tom Rini <trini@konsulko.com>
Sat, 26 Aug 2017 18:56:13 +0000 (14:56 -0400)
While &p_jdb[fs->blksz] is a valid expression (it points *one* char-sized
element past the end of the array), e.g. &p_jdb[fs->blksz + 1] is
invalid (according to the C standard (C99/C11)).

Changing this to tag = (struct ext3_journal_block_tag *)(p_jdb + ofs);

Cc: Stefan Brüns <stefan.bruens@rwth-aachen.de>
Suggested-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
Reported-by: Coverity (CID: 165117, 165110)
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
fs/ext4/ext4_journal.c

index 5a25be4c8ac2c5871929f9c1cf07c0eaf2663b70..fed6287eac456010631d6fc392c8430827deefb1 100644 (file)
@@ -355,7 +355,7 @@ void recover_transaction(int prev_desc_logical_no)
        ofs = sizeof(struct journal_header_t);
 
        do {
-               tag = (struct ext3_journal_block_tag *)&p_jdb[ofs];
+               tag = (struct ext3_journal_block_tag *)(p_jdb + ofs);
                ofs += sizeof(struct ext3_journal_block_tag);
 
                if (ofs > fs->blksz)
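Review bot: `(p_jdb + ofs)` is by definition the same expression as `&p_jdb[ofs]` (the subscript form is specified in terms of pointer addition), so this hunk changes no generated code and no run-time behaviour; it only stops Coverity from treating the subscript as an array read. The actual bound here is the `if (ofs > fs->blksz) break;` after the `ofs += sizeof(struct ext3_journal_block_tag);`, which exits before `tag` is used whenever the tag would not fit inside the block; when `ofs == fs->blksz` on entry, the pointer formed is exactly one past the end, which C permits as long as it is not dereferenced. The commit message should state that the CIDs are being closed as false positives rather than by adding a check, so the next reader does not assume the loop gained a bounds test. If a stronger guarantee is wanted, the place to add it is a check that `ofs` is still `<= fs->blksz` before `tag` is assigned, not a change of pointer syntax.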
@@ -466,7 +466,7 @@ int ext4fs_check_journal_state(int recovery_flag)
                        ofs = sizeof(struct journal_header_t);
                        do {
                                tag = (struct ext3_journal_block_tag *)
-                                   &p_jdb[ofs];
+                                   (p_jdb + ofs);
                                ofs += sizeof(struct ext3_journal_block_tag);
                                if (ofs > fs->blksz)
                                        break;
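Review bot: this is the same tag-walking loop as in recover_transaction (same `ofs` initialisation, same `sizeof(struct ext3_journal_block_tag)` stride, same `if (ofs > fs->blksz) break;`), and the same Coverity finding had to be fixed in both copies. Consider factoring the "next tag within this descriptor block" step into one small helper so that the bound check, and any future fix to it, lives in a single place; as it stands, a later change to the limit in one function (for example tightening `>` to `>=`) could silently leave the other copy behind. The wrapped cast is fine style-wise, though `tag = (struct ext3_journal_block_tag *)(p_jdb + ofs);` fits on one line in this indentation and would match the first hunk.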