From: Zach Brown <zab@redhat.com>
Date: Mon, 7 Oct 2013 21:42:56 +0000 (-0700)
Subject: btrfs-progs: don't overrun name in find-collisions
X-Git-Tag: upstream/4.16.1~3079
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=961eaa7d3975928635e3dc775e6ab3a2f36a5303;p=platform%2Fupstream%2Fbtrfs-progs.git

btrfs-progs: don't overrun name in find-collisions

find_collision() allocates name_len bytes for its sub array so the index
must be less than name_len.  This was found by static analysis.

Signed-off-by: Zach Brown <zab@redhat.com>
Signed-off-by: David Sterba <dsterba@suse.cz>
Signed-off-by: Chris Mason <chris.mason@fusionio.com>
---

diff --git a/btrfs-image.c b/btrfs-image.c
index 189e546..52209a7 100644
--- a/btrfs-image.c
+++ b/btrfs-image.c
@@ -314,11 +314,11 @@ static char *find_collision(struct metadump_struct *md, char *name,
 		if (val->sub[i] == 127) {
 			do {
 				i++;
-				if (i > name_len)
+				if (i >= name_len)
 					break;
 			} while (val->sub[i] == 127);
 
-			if (i > name_len)
+			if (i >= name_len)
 				break;
 			val->sub[i]++;
 			if (val->sub[i] == '/')