[RHEL8,COMMIT] ploop: Fix off-by-one error

Submitted by Konstantin Khorenko on Oct. 25, 2019, 2:21 p.m.

Details

Message ID 201910251421.x9PELbLx004940@finist_co8.work.ct
State New
Series "ploop: Fix off-by-one error"
Headers show

Commit Message

Konstantin Khorenko Oct. 25, 2019, 2:21 p.m.
The commit is pushed to "branch-rh8-4.18.0-80.1.2.vz8.2.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh8-4.18.0-80.1.2.vz8.2.3
------>
commit 9b4005254d36d752fbcbe7654712683b92e78af1
Author: Kirill Tkhai <ktkhai@virtuozzo.com>
Date:   Fri Oct 25 17:21:37 2019 +0300

    ploop: Fix off-by-one error
    
    Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
    
    khorenko@: use substitution instead of addition to avoid overflow
---
 drivers/md/dm-ploop-cmd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Patch hide | download patch | download mbox

diff --git a/drivers/md/dm-ploop-cmd.c b/drivers/md/dm-ploop-cmd.c
index e3886c175b2e..145dabbac7d6 100644
--- a/drivers/md/dm-ploop-cmd.c
+++ b/drivers/md/dm-ploop-cmd.c
@@ -1491,7 +1491,7 @@  static int ploop_push_backup_write(struct ploop *ploop, char *uuid,
 		return -EBADF;
 	if (strcmp(uuid, pb->uuid) || !nr)
 		return -EINVAL;
-	if (cluster >= nr_bat_entries || cluster + nr >= nr_bat_entries)
+	if (cluster >= nr_bat_entries || nr > nr_bat_entries - cluster)
 		return -E2BIG;
 	if (!pb->alive)
 		return -ESTALE;