xfs: check for valid indices in xfs_iext_get_ext and xfs_iext_idx_to_irec Based on an earlier patch from Lachlan McIlroy. Signed-off-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Lachlan McIlroy <lmcilroy@redhat.com> Signed-off-by: Alex Elder <aelder@sgi.com>

commit: 87bef1812d337beadfb1099e7361fd41264eb88e [log] [tgz]
author: Christoph Hellwig <hch@infradead.org> Wed May 11 15:04:11 2011 +0000
committer: Alex Elder <aelder@sgi.com> Wed May 25 10:48:37 2011 -0500
tree: 707b3c2a623b4fc80ce790bb61bd5262d9396821
parent: ab1908a5bb21a8eebf16e5d92d087fd9413cf67d [diff] [blame]
diff --git a/fs/xfs/xfs_inode.c b/fs/xfs/xfs_inode.c
index 6f318ee..b71a907 100644
--- a/fs/xfs/xfs_inode.c
+++ b/fs/xfs/xfs_inode.c

@@ -3108,6 +3108,8 @@
 	xfs_extnum_t	idx)		/* index of target extent */
 {
 	ASSERT(idx >= 0);
+	ASSERT(idx < ifp->if_bytes / sizeof(xfs_bmbt_rec_t));
+
 	if ((ifp->if_flags & XFS_IFEXTIREC) && (idx == 0)) {
 		return ifp->if_u1.if_ext_irec->er_extbuf;
 	} else if (ifp->if_flags & XFS_IFEXTIREC) {
@@ -3881,8 +3883,10 @@
 	xfs_extnum_t	page_idx = *idxp; /* extent index in target list */
 
 	ASSERT(ifp->if_flags & XFS_IFEXTIREC);
-	ASSERT(page_idx >= 0 && page_idx <=
-		ifp->if_bytes / (uint)sizeof(xfs_bmbt_rec_t));
+	ASSERT(page_idx >= 0);
+	ASSERT(page_idx <= ifp->if_bytes / sizeof(xfs_bmbt_rec_t));
+	ASSERT(page_idx < ifp->if_bytes / sizeof(xfs_bmbt_rec_t) || realloc);
+
 	nlists = ifp->if_real_bytes / XFS_IEXT_BUFSZ;
 	erp_idx = 0;
 	low = 0;
commit	87bef1812d337beadfb1099e7361fd41264eb88e	[log] [tgz]
author	Christoph Hellwig <hch@infradead.org>	Wed May 11 15:04:11 2011 +0000
committer	Alex Elder <aelder@sgi.com>	Wed May 25 10:48:37 2011 -0500
tree	707b3c2a623b4fc80ce790bb61bd5262d9396821
parent	ab1908a5bb21a8eebf16e5d92d087fd9413cf67d [diff] [blame]