diff options
| author | Joern Engel <joern@logfs.org> | 2011-11-20 22:29:01 +0530 |
|---|---|---|
| committer | Prasad Joshi <prasadjoshi.linux@gmail.com> | 2012-01-28 11:24:21 +0530 |
| commit | 934eed395d201bf0901ca0c0cc3703b18729d0ce (patch) | |
| tree | 27847639b14a0fc16b850bd39c0ace939694d8f2 | |
| parent | 96150606e2fb82d242c9e4a414e4e922849f7bf7 (diff) | |
| download | linux-934eed395d201bf0901ca0c0cc3703b18729d0ce.tar.gz | |
logfs: Prevent memory corruption
This is a bad one. I wonder whether we were so far protected by no_free_segments(sb) usually being smaller than LOGFS_NO_AREAS. Found by Dan Carpenter <dan.carpenter@oracle.com> using smatch. Signed-off-by: Joern Engel <joern@logfs.org> Signed-off-by: Prasad Joshi <prasadjoshi.linux@gmail.com>
| -rw-r--r-- | fs/logfs/gc.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/logfs/gc.c b/fs/logfs/gc.c index caa4419285dc..d4efb061bdc5 100644 --- a/fs/logfs/gc.c +++ b/fs/logfs/gc.c @@ -367,7 +367,7 @@ static struct gc_candidate *get_candidate(struct super_block *sb) int i, max_dist; struct gc_candidate *cand = NULL, *this; - max_dist = min(no_free_segments(sb), LOGFS_NO_AREAS); + max_dist = min(no_free_segments(sb), LOGFS_NO_AREAS - 1); for (i = max_dist; i >= 0; i--) { this = first_in_list(&super->s_low_list[i]); |