punch_extent_blocks tries to validate its input parameters to make sure
that the physical range of blocks being punched does not go past the end
of the filesystem. Unfortunately, there's an off-by-one bug in the
validation, because start==0 count==10 is a perfectly valid range on a
10-block filesystem.
Cc: linux-ext4@vger.kernel.org # v1.46.6
Fixes: 6772d4969e9c90 ("libext2fs: check for invalid blocks in ext2fs_punch_blocks()")
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Link: https://lore.kernel.org/r/175182662987.1984706.5292286424808159532.stgit@frogsfrogsfrogs
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
errcode_t retval = 0;
if (free_start < fs->super->s_first_data_block ||
- (free_start + free_count) >= ext2fs_blocks_count(fs->super))
+ (free_start + free_count) > ext2fs_blocks_count(fs->super))
return EXT2_ET_BAD_BLOCK_NUM;
/* No bigalloc? Just free each block. */
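Review bot: The bound on the changed line is still computed as free_start + free_count, so if that addition can wrap for very large inputs, an out-of-range request would compare as small and pass the check. Consider rejecting free_start above ext2fs_blocks_count(fs->super) first and then comparing free_count against ext2fs_blocks_count(fs->super) - free_start, which cannot wrap. A one-line comment stating that the sum is an exclusive end, so equality with the block count is valid, would also help keep the boundary from being changed back to >= later.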