From mboxrd@z Thu Jan 1 00:00:00 1970 From: =?iso-8859-1?Q?Br=FCns=2C_Stefan?= Date: Tue, 22 Aug 2017 15:14:33 +0000 Subject: [U-Boot] [PATCH] fs: ext4: Fix journal overrun issue reported by Coverity In-Reply-To: <1503282615-30802-1-git-send-email-trini@konsulko.com> References: <1503282615-30802-1-git-send-email-trini@konsulko.com> Message-ID: <6380988.IzGmr8eeoo@sbruens-linux> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit To: u-boot@lists.denx.de On Montag, 21. August 2017 04:30:15 CEST Tom Rini wrote: > While &p_jdb[fs->blksz] is a valid expression (it points *one* char > sized element past the end of the array, e.g. &p_jdb[fs->blksz + 1] is > invalid (according to the C standard (C99/C11)). > > Changing this to tag = (struct ext3_journal_block_tag *)(p_jdb + ofs); > > Cc: Stefan Brüns > Suggested-by: Stefan Brüns > Reported-by: Coverity (CID: 165117, 165110) > Signed-off-by: Tom Rini > --- > Stefan, since this is your suggestion and message, if you want me to v2 > with you as Author, I'd be quite happy to, thanks again! Hi Tom, whatever you like, both is fine with me. Kind regards, Stefan PS: Reviewed-by: Stefan Brüns > --- > fs/ext4/ext4_journal.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/fs/ext4/ext4_journal.c b/fs/ext4/ext4_journal.c > index 5a25be4c8ac2..fed6287eac45 100644 > --- a/fs/ext4/ext4_journal.c > +++ b/fs/ext4/ext4_journal.c > @@ -355,7 +355,7 @@ void recover_transaction(int prev_desc_logical_no) > ofs = sizeof(struct journal_header_t); > > do { > - tag = (struct ext3_journal_block_tag *)&p_jdb[ofs]; > + tag = (struct ext3_journal_block_tag *)(p_jdb + ofs); > ofs += sizeof(struct ext3_journal_block_tag); > > if (ofs > fs->blksz) 
> @@ -466,7 +466,7 @@ int ext4fs_check_journal_state(int recovery_flag) > ofs = sizeof(struct journal_header_t); > do { > tag = (struct ext3_journal_block_tag *) > - &p_jdb[ofs]; > + (p_jdb + ofs); > ofs += sizeof(struct ext3_journal_block_tag); > if (ofs > fs->blksz) > break;
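Review bot: In recover_transaction() (first hunk), `(p_jdb + ofs)` is not a different expression from `&p_jdb[ofs]` as far as the C standard is concerned. C99 6.5.3.2p3 says that `&` applied to the result of `[]` is evaluated as if the `&` were removed and the `[]` changed to `+`. The replacement may quiet the Coverity report, but it cannot change whether the resulting pointer is in range for a given `ofs`. The commit message should say so, and if an out-of-range `ofs` is the actual concern, the fix belongs in the check on `ofs` rather than in how the address computation is spelled.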
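Review bot: In ext4fs_check_journal_state() (second hunk), the range test `if (ofs > fs->blksz)` still runs only after `tag` has been computed from the old `ofs` and `ofs` has been advanced. Consider testing before the pointer is formed, for example `if (ofs + sizeof(struct ext3_journal_block_tag) > fs->blksz) break;` ahead of the `tag = ...` assignment, so that no pointer further than one past the end of the block is ever formed, whatever the rest of the loop body (not visible in this hunk) does to `ofs`. The same ordering appears in the first hunk.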