From 10b078d83674ab0ced812da490f3c6d2261e1b79 Mon Sep 17 00:00:00 2001 From: Tom Rini Date: Sun, 20 Aug 2017 22:30:15 -0400 Subject: [PATCH] fs: ext4: Fix journal overrun issue reported by Coverity MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit While &p_jdb[fs->blksz] is a valid expression (it points *one* char sized element past the end of the array, e.g. &p_jdb[fs->blksz + 1] is invalid (according to the C standard (C99/C11)). Changing this to tag = (struct ext3_journal_block_tag *)(p_jdb + ofs); Cc: Stefan Brüns Suggested-by: Stefan Brüns Reported-by: Coverity (CID: 165117, 165110) Signed-off-by: Tom Rini Reviewed-by: Stefan Brüns --- fs/ext4/ext4_journal.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/ext4/ext4_journal.c b/fs/ext4/ext4_journal.c index 5a25be4c8a..fed6287eac 100644 --- a/fs/ext4/ext4_journal.c +++ b/fs/ext4/ext4_journal.c @@ -355,7 +355,7 @@ void recover_transaction(int prev_desc_logical_no) ofs = sizeof(struct journal_header_t); do { - tag = (struct ext3_journal_block_tag *)&p_jdb[ofs]; + tag = (struct ext3_journal_block_tag *)(p_jdb + ofs); ofs += sizeof(struct ext3_journal_block_tag); if (ofs > fs->blksz) @@ -466,7 +466,7 @@ int ext4fs_check_journal_state(int recovery_flag) ofs = sizeof(struct journal_header_t); do { tag = (struct ext3_journal_block_tag *) - &p_jdb[ofs]; + (p_jdb + ofs); ofs += sizeof(struct ext3_journal_block_tag); if (ofs > fs->blksz) break; -- 2.25.1