Hi Stefan,
> If the blocksize is 1024, count is initialized with 1. Incrementing
> count by 8 will never match (count == fs->blksz * 8), and ptr may be
> incremented beyond the buffer end if the bitmap is filled. Add the
> startblock offset after the loop.
>
> Remove the second loop, as only the first iteration will be done.
>
> Signed-off-by: Stefan Brüns
> ---
> fs/ext4/ext4_common.c | 34 --
> 1 file changed, 12 insertions(+), 22 deletions(-)
>
> v3: Patch added to series
>
> diff --git a/fs/ext4/ext4_common.c b/fs/ext4/ext4_common.c
> index 362668b..11da6fa 100644
> --- a/fs/ext4/ext4_common.c
> +++ b/fs/ext4/ext4_common.c
> @@ -158,18 +158,12 @@ static int _get_new_inode_no(unsigned char
> *buffer)
> static int _get_new_blk_no(unsigned char *buffer)
> {
> - unsigned char input;
> - int operand, status;
> + int operand;
> int count = 0;
> - int j = 0;
> + int i;
> unsigned char *ptr = buffer;
> struct ext_filesystem *fs = get_fs();
>
> - if (fs->blksz != 1024)
> - count = 0;
> - else
> - count = 1;
> -
> while (*ptr == 255) {
> ptr++;
> count += 8;
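Review bot: The `while (*ptr == 255)` scan still relies on a bound check that sits between the two hunks and is not visible here; going by the commit message it is an equality test, `count == fs->blksz * 8`. With `count` now starting at 0 and only ever stepped by 8, that test does fire, but the bitmap comes from the storage medium and the guard holds only while the counter arithmetic stays exactly aligned. A bound on the pointer itself, e.g. `if (ptr - buffer >= fs->blksz) return -1;`, would not depend on how `count` is initialised or adjusted later. This assumes `buffer` holds one full block, which the hunk does not show; the loop body continues outside the hunk.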
> @@ -177,21 +171,17 @@ static int _get_new_blk_no(unsigned char
> *buffer) return -1;
> }
>
> - for (j = 0; j < fs->blksz; j++) {
> - input = *ptr;
> - int i = 0;
> - while (i <= 7) {
> - operand = 1 << i;
> - status = input & operand;
> - if (status) {
> - i++;
> - count++;
> - } else {
> - *ptr |= operand;
> - return count;
> - }
> + if (fs->blksz == 1024)
> + count += 1;
> +
> + for (i = 0; i <= 7; i++) {
> + operand = 1 << i;
> + if (*ptr & operand) {
> + count++;
> + } else {
> + *ptr |= operand;
> + return count;
> }
> - ptr = ptr + 1;
> }
>
> return -1;
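Review bot: The new `if (fs->blksz == 1024) count += 1;` is an unexplained magic number that hard-codes a layout assumption instead of taking it from the filesystem metadata. In ext2/ext4 the starting block number is the superblock's first-data-block value, normally 1 for 1 KiB blocks and 0 otherwise. If the superblock is reachable through `fs` here (not visible in this hunk), adding that field would be more faithful than testing the block size. At minimum the line deserves a comment such as `/* 1 KiB blocks: block 0 is the boot block, so numbering starts at 1 */`. Since `*ptr != 255` is guaranteed once the scan loop exits, the `for` loop always returns and the final `return -1;` is purely defensive, which is also worth a short comment.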
Reviewed-by: Lukasz Majewski
--
Best regards,
Lukasz Majewski
Samsung R&D Institute Poland (SRPOL) | Linux Platform Group