find_collision() allocates name_len bytes for its sub array so the index
must be less than name_len. This was found by static analysis.
Signed-off-by: Zach Brown <zab@redhat.com>
Signed-off-by: David Sterba <dsterba@suse.cz>
Signed-off-by: Chris Mason <chris.mason@fusionio.com>
if (val->sub[i] == 127) {
do {
i++;
- if (i > name_len)
+ if (i >= name_len)
break;
} while (val->sub[i] == 127);
- if (i > name_len)
+ if (i >= name_len)
break;
val->sub[i]++;
if (val->sub[i] == '/')