btrfs-progs: don't overrun name in find-collisions
author Zach Brown <zab@redhat.com>
Mon, 7 Oct 2013 21:42:56 +0000 (14:42 -0700)
committer Chris Mason <chris.mason@fusionio.com>
Wed, 16 Oct 2013 12:23:13 +0000 (08:23 -0400)
find_collision() allocates name_len bytes for its sub array so the index
must be less than name_len.  This was found by static analysis.

Signed-off-by: Zach Brown <zab@redhat.com>
Signed-off-by: David Sterba <dsterba@suse.cz>
Signed-off-by: Chris Mason <chris.mason@fusionio.com>
btrfs-image.c

index 189e546..52209a7 100644 (file)
@@ -314,11 +314,11 @@ static char *find_collision(struct metadump_struct *md, char *name,
                if (val->sub[i] == 127) {
                        do {
                                i++;
-                               if (i > name_len)
+                               if (i >= name_len)
                                        break;
                        } while (val->sub[i] == 127);
 
-                       if (i > name_len)
+                       if (i >= name_len)
                                break;
                        val->sub[i]++;
                        if (val->sub[i] == '/')
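
Review bot: The outer test `if (val->sub[i] == 127)` at the top of this hunk still reads `val->sub[i]` with no bound check visible in these lines, so the fix is complete only if the enclosing loop already guarantees `i < name_len` on entry; please confirm that, or add the same `i >= name_len` guard before that read. The inner `break` could also be folded into the loop condition as `} while (i < name_len && val->sub[i] == 127);`, which keeps the bound test next to the read and leaves a single explicit `if (i >= name_len)` check after the loop.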