[PATCH] maple_tree: Fix potential out of range offset on mas_next()/mas_prev()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

When going between next/prev, be more careful to stay within the nodes
range.

Signed-off-by: Liam R. Howlett <Liam.Howlett@xxxxxxxxxx>
---
 lib/maple_tree.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/maple_tree.c b/lib/maple_tree.c
index 8cde2edcb4f8..9f8d3ee792d1 100644
--- a/lib/maple_tree.c
+++ b/lib/maple_tree.c
@@ -4628,8 +4628,10 @@ static inline void *mas_next_entry(struct ma_state *mas, unsigned long limit)
 	node = mas_mn(mas);
 	mt = mte_node_type(mas->node);
 	mas->offset++;
-	if (unlikely(mas->offset >= mt_slots[mt]))
+	if (unlikely(mas->offset >= mt_slots[mt])) {
+		mas->offset = mt_slots[mt] - 1;
 		goto next_node;
+	}
 
 	while (!mas_is_none(mas)) {
 		entry = mas_next_nentry(mas, node, limit, mt);
@@ -4687,6 +4689,9 @@ static inline void *mas_prev_nentry(struct ma_state *mas, unsigned long limit,
 	mn = mas_mn(mas);
 	mt = mte_node_type(mas->node);
 	offset = mas->offset - 1;
+	if (offset >= mt_slots[mt])
+		offset = mt_slots[mt] - 1;
+
 	slots = ma_slots(mn, mt);
 	pivots = ma_pivots(mn, mt);
 	if (offset == mt_pivots[mt])
-- 
2.35.1
[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux