When got too small clean field, entry will never equal vstruct_end(&clean->field), the dead loop resulted in out of bounds access. Fixes: 12bf93a429c9 ("bcachefs: Add .to_text() methods for all superblock sections") Fixes: a37ad1a3aba9 ("bcachefs: sb-clean.c") Reported-and-tested-by: syzbot+c48865e11e7e893ec4ab@xxxxxxxxxxxxxxxxxxxxxxxxx Signed-off-by: Edward Adam Davis <eadavis@xxxxxx> --- fs/bcachefs/sb-clean.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/bcachefs/sb-clean.c b/fs/bcachefs/sb-clean.c index 5980ba2563fe..02101687853e 100644 --- a/fs/bcachefs/sb-clean.c +++ b/fs/bcachefs/sb-clean.c @@ -285,7 +285,7 @@ static void bch2_sb_clean_to_text(struct printbuf *out, struct bch_sb *sb, prt_newline(out); for (entry = clean->start; - entry != vstruct_end(&clean->field); + entry < vstruct_end(&clean->field); entry = vstruct_next(entry)) { if (entry->type == BCH_JSET_ENTRY_btree_keys && !entry->u64s) -- 2.43.0
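Review bot: the `entry < vstruct_end(&clean->field)` comparison only bounds where an entry starts, not where it ends, so the loop still dereferences `entry->type` and `entry->u64s` (and advances via `vstruct_next(entry)`, which reads `entry->u64s`) for an entry that begins before the end of a truncated section but whose header or body runs past it. Consider tightening the condition to also require that the whole entry fits, along the lines of `entry < vstruct_end(&clean->field) && vstruct_next(entry) <= vstruct_end(&clean->field)`, or rejecting an undersized clean section before `.to_text()` is ever reached; the hunk as written stops the infinite loop but leaves a short out-of-bounds read possible on the last entry.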