If cache_index == NR_GRPINFO_CACHES then we read past the end of the ext4_groupinfo_caches[] array a couple lines later. Signed-off-by: Dan Carpenter <error27@xxxxxxxxx> diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c index 02cff4a..d1fe09a 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c @@ -2438,7 +2438,7 @@ static int ext4_groupinfo_create_slab(size_t size) int cache_index = blocksize_bits - EXT4_MIN_BLOCK_LOG_SIZE; struct kmem_cache *cachep; - if (cache_index > NR_GRPINFO_CACHES) + if (cache_index >= NR_GRPINFO_CACHES) return -EINVAL; if (unlikely(cache_index < 0)) -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html