logfs: Prevent memory corruption This is a bad one. I wonder whether we were so far protected by no_free_segments(sb) usually being smaller than LOGFS_NO_AREAS. Found by Dan Carpenter <dan.carpenter@oracle.com> using smatch. Signed-off-by: Joern Engel <joern@logfs.org> Signed-off-by: Prasad Joshi <prasadjoshi.linux@gmail.com>

commit: 934eed395d201bf0901ca0c0cc3703b18729d0ce [log] [tgz]
author: Joern Engel <joern@logfs.org> Sun Nov 20 22:29:01 2011 +0530
committer: Prasad Joshi <prasadjoshi.linux@gmail.com> Sat Jan 28 11:24:21 2012 +0530
tree: 27847639b14a0fc16b850bd39c0ace939694d8f2
parent: 96150606e2fb82d242c9e4a414e4e922849f7bf7 [diff] [blame]
diff --git a/fs/logfs/gc.c b/fs/logfs/gc.c
index caa4419..d4efb06 100644
--- a/fs/logfs/gc.c
+++ b/fs/logfs/gc.c

@@ -367,7 +367,7 @@
 	int i, max_dist;
 	struct gc_candidate *cand = NULL, *this;
 
-	max_dist = min(no_free_segments(sb), LOGFS_NO_AREAS);
+	max_dist = min(no_free_segments(sb), LOGFS_NO_AREAS - 1);
 
 	for (i = max_dist; i >= 0; i--) {
 		this = first_in_list(&super->s_low_list[i]);
commit	934eed395d201bf0901ca0c0cc3703b18729d0ce	[log] [tgz]
author	Joern Engel <joern@logfs.org>	Sun Nov 20 22:29:01 2011 +0530
committer	Prasad Joshi <prasadjoshi.linux@gmail.com>	Sat Jan 28 11:24:21 2012 +0530
tree	27847639b14a0fc16b850bd39c0ace939694d8f2
parent	96150606e2fb82d242c9e4a414e4e922849f7bf7 [diff] [blame]