Hi,
Static analysis has picked up a potential issue with an out of bounds
read in fs/hfs/extent.c; the following for-loop in hfs_free_fork()
increments i and also extent while also reading extent[i].count. This
looks incorrect to me, I think the increment of extent is not needed:
for (i = 0; i < 3; extent++, i++)
blocks += be16_to_cpu(extent[i].count);
res = hfs_free_extents(sb, extent, blocks, blocks);
I'm not familiar enough with the code to conclude that removing the
increment of extent is necessary a correct fix just in case I'm missing
something subtle here.
This issue was picked up by static analysis with CoverityScan:
CID 711541 (#1 of 1): Out-of-bounds read:
Overrunning array of 3 4-byte elements at element index 4 (byte offset
16) by dereferencing pointer extent + i.
Colin
