fs/f2fs: Fix off-by-one error in nat journal entries check

Oops. You're allowed to have up to n = NAT_JOURNAL_ENTRIES entries
_inclusive_, because the loop below uses i < n, not i <= n. D'oh.

Fixes: 4bd9877f6216 (fs/f2fs: Do not read past the end of nat journal entries)
Reported-by: программист нект <programmer11180@programist.ru>
Tested-by: программист нект <programmer11180@programist.ru>
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

diff --git a/grub-core/fs/f2fs.c b/grub-core/fs/f2fs.c
index df6beb544cbd201b1dbf32e9b17149104e4891fd..855e24618c2bc3a11fc8c630f9c6405c1f8c44d2 100644 (file)
--- a/grub-core/fs/f2fs.c
+++ b/grub-core/fs/f2fs.c
@@ -650,7 +650,7 @@ get_blkaddr_from_nat_journal (struct grub_f2fs_data *data, grub_uint32_t nid,
   grub_uint16_t n = grub_le_to_cpu16 (data->nat_j.n_nats);
   grub_uint16_t i;
 
-  if (n >= NAT_JOURNAL_ENTRIES)
+  if (n > NAT_JOURNAL_ENTRIES)
     return grub_error (GRUB_ERR_BAD_FS,
                        "invalid number of nat journal entries");