jfs: Fix array index bounds check in dbAdjTree

commit c61b3e4839007668360ed8b87d7da96d2e59fc6c upstream.

Bounds checking tools can flag a bug in dbAdjTree() for an array index
out of bounds in dmt_stree. Since dmt_stree can refer to the stree in
both structures dmaptree and dmapctl, use the larger array to eliminate
the false positive.

Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
Reported-by: butt3rflyh4ck <butterflyhuangxx@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/fs/jfs/jfs_dmap.h b/fs/jfs/jfs_dmap.h
index 29891fa..aa03a90 100644 (file)
--- a/fs/jfs/jfs_dmap.h
+++ b/fs/jfs/jfs_dmap.h
@@ -183,7 +183,7 @@ typedef union dmtree {
 #define        dmt_leafidx     t1.leafidx
 #define        dmt_height      t1.height
 #define        dmt_budmin      t1.budmin
-#define        dmt_stree       t1.stree
+#define        dmt_stree       t2.stree
 
 /*
  *     on-disk aggregate disk allocation map descriptor.