find_collision() allocates name_len bytes for its sub array so the index must be less than name_len. This was found by static analysis.
Signed-off-by: Zach Brown <[email protected]> --- btrfs-image.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/btrfs-image.c b/btrfs-image.c index b05cf07..7474642 100644 --- a/btrfs-image.c +++ b/btrfs-image.c @@ -314,11 +314,11 @@ static char *find_collision(struct metadump_struct *md, char *name, if (val->sub[i] == 127) { do { i++; - if (i > name_len) + if (i >= name_len) break; } while (val->sub[i] == 127); - if (i > name_len) + if (i >= name_len) break; val->sub[i]++; if (val->sub[i] == '/') -- 1.7.11.7
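Review bot: The bound on i is still tested twice, once inside the do/while and again right after it, and both copies have to stay in sync, which is how the same off-by-one ended up in two places. Consider folding the test into the loop condition, e.g. `do { i++; } while (i < name_len && val->sub[i] == 127);`, and keeping a single `if (i >= name_len) break;` before `val->sub[i]++`. The `>=` itself matches the commit message: with `>` the loop could exit with i == name_len, and both the `val->sub[i] == 127` read and the `val->sub[i]++` write would then touch one byte past the name_len-byte allocation. Separately, the `if (val->sub[i] == 127)` at the top of the hunk reads sub[i] with no bound check visible in this context, so it is worth confirming that the enclosing code guarantees i < name_len at that point.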
