[U-Boot] [PATCH] fs: ext4: Fix journal overrun issue reported by Coverity
Tom Rini
trini at konsulko.com
Mon Aug 21 02:30:15 UTC 2017
While &p_jdb[fs->blksz] is a valid expression (it points *one* char
sized element past the end of the array), e.g. &p_jdb[fs->blksz + 1] is
invalid (according to the C standard (C99/C11)).
Changing this to tag = (struct ext3_journal_block_tag *)(p_jdb + ofs);
Cc: Stefan Brüns <stefan.bruens at rwth-aachen.de>
Suggested-by: Stefan Brüns <stefan.bruens at rwth-aachen.de>
Reported-by: Coverity (CID: 165117, 165110)
Signed-off-by: Tom Rini <trini at konsulko.com>
---
Stefan, since this is your suggestion and message, if you want me to v2
with you as Author, I'd be quite happy to, thanks again!
---
fs/ext4/ext4_journal.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/ext4/ext4_journal.c b/fs/ext4/ext4_journal.c
index 5a25be4c8ac2..fed6287eac45 100644
--- a/fs/ext4/ext4_journal.c
+++ b/fs/ext4/ext4_journal.c
@@ -355,7 +355,7 @@ void recover_transaction(int prev_desc_logical_no)
ofs = sizeof(struct journal_header_t);
do {
- tag = (struct ext3_journal_block_tag *)&p_jdb[ofs];
+ tag = (struct ext3_journal_block_tag *)(p_jdb + ofs);
ofs += sizeof(struct ext3_journal_block_tag);
if (ofs > fs->blksz)
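Review bot: the new expression on the + line, (p_jdb + ofs), yields the same address as the removed &p_jdb[ofs]. C99 6.5.3.2 defines &a[i] as a + i with neither operator evaluated, so this hunk quiets the Coverity report without changing what recover_transaction() does at run time. Since the subject says "Fix journal overrun", the commit message should state whether an out-of-bounds access was actually possible here. In the visible lines ofs is compared against fs->blksz only after the pointer is formed and ofs is advanced, so a short comment that tag must not be dereferenced before that check would help the next reader.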
@@ -466,7 +466,7 @@ int ext4fs_check_journal_state(int recovery_flag)
ofs = sizeof(struct journal_header_t);
do {
tag = (struct ext3_journal_block_tag *)
- &p_jdb[ofs];
+ (p_jdb + ofs);
ofs += sizeof(struct ext3_journal_block_tag);
if (ofs > fs->blksz)
break;
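Review bot: the ofs = sizeof(struct journal_header_t) setup, the tag computation, the ofs += sizeof(struct ext3_journal_block_tag) step and the ofs > fs->blksz check in ext4fs_check_journal_state() repeat the loop from recover_transaction() line for line, which is why the same change had to be made twice. Consider factoring the tag walk into one helper so the bounds check lives in a single place. As a style point, the cast split over two lines, with (p_jdb + ofs); on a line of its own, reads like a function call; the single-line form used in the first hunk would be clearer if it fits the line limit.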
--
1.9.1