summaryrefslogtreecommitdiffstats
path: root/fs/ntfs
diff options
context:
space:
mode:
authorAnton Altaparmakov <aia21@cantab.net>2005-09-08 17:46:55 +0200
committerAnton Altaparmakov <aia21@cantab.net>2005-09-08 17:46:55 +0200
commit84d6ebe63f50b6efd8be252b58a207132157c60f (patch)
tree5e78199877a800c92528c2ed0272c863d2c9733c /fs/ntfs
parentNTFS: Use ntfs_malloc_nofs_nofail() in runlist.c::ntfs_runlists_merge() (diff)
downloadlinux-84d6ebe63f50b6efd8be252b58a207132157c60f.tar.xz
linux-84d6ebe63f50b6efd8be252b58a207132157c60f.zip
NTFS: Fix two nasty runlist merging bugs that had gone unnoticed so far.
Thanks to Stefano Picerno for the bug report. Signed-off-by: Anton Altaparmakov <aia21@cantab.net>
Diffstat (limited to 'fs/ntfs')
-rw-r--r--fs/ntfs/ChangeLog2
-rw-r--r--fs/ntfs/runlist.c5
2 files changed, 5 insertions, 2 deletions
diff --git a/fs/ntfs/ChangeLog b/fs/ntfs/ChangeLog
index c5bbedff5ae5..4bc8f91c5fc0 100644
--- a/fs/ntfs/ChangeLog
+++ b/fs/ntfs/ChangeLog
@@ -43,6 +43,8 @@ ToDo/Notes:
- Use ntfs_malloc_nofs_nofail() in the two critical regions in
fs/ntfs/runlist.c::ntfs_runlists_merge(). This means we no longer
need to panic() if the allocation fails as it now cannot fail.
+ - Fix two nasty runlist merging bugs that had gone unnoticed so far.
+ Thanks to Stefano Picerno for the bug report.
2.1.23 - Implement extension of resident files and make writing safe as well as
many bug fixes, cleanups, and enhancements...
diff --git a/fs/ntfs/runlist.c b/fs/ntfs/runlist.c
index 3bb4a57d1fa9..d26a1be530c5 100644
--- a/fs/ntfs/runlist.c
+++ b/fs/ntfs/runlist.c
@@ -542,6 +542,7 @@ runlist_element *ntfs_runlists_merge(runlist_element *drl,
/* Scan to the end of the source runlist. */
for (dend = 0; likely(drl[dend].length); dend++)
;
+ dend++;
drl = ntfs_rl_realloc(drl, dend, dend + 1);
if (IS_ERR(drl))
return drl;
@@ -611,8 +612,8 @@ runlist_element *ntfs_runlists_merge(runlist_element *drl,
((drl[dins].vcn + drl[dins].length) <= /* End of hole */
(srl[send - 1].vcn + srl[send - 1].length)));
- /* Or we'll lose an end marker */
- if (start && finish && (drl[dins].length == 0))
+ /* Or we will lose an end marker. */
+ if (finish && !drl[dins].length)
ss++;
if (marker && (drl[dins].vcn + drl[dins].length > srl[send - 1].vcn))
finish = FALSE;