libext2fs: Round up the bitmap size when allocating a new bitmap

The x86 BT assembly instructure can overshoot the end of a bit array
when testing a bit at the end of the bit array, even if it never needs
to look at those memory locations.  This can cause a spurious
segmentation fault.  If we allocate a little extra memory, it avoids
this problem.  See:

	http://faydoc.tripod.com/cpu/bt.htm

This doesn't happen on Linux, probably because of the glibc's malloc()
function works, but apparently it's a major problem on the *BSD
operating systems.

Addresses-Sourceforge-Bug: #2328708

Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>

diff --git a/lib/ext2fs/gen_bitmap.c b/lib/ext2fs/gen_bitmap.c
index 1f7d2c4cf4df552b72be2082ad3aa3df96bb34f0..54a39dcb58e116937bc0babef4449207ba1136c9 100644 (file)
--- a/lib/ext2fs/gen_bitmap.c
+++ b/lib/ext2fs/gen_bitmap.c
@@ -103,6 +103,8 @@ errcode_t ext2fs_make_generic_bitmap(errcode_t magic, ext2_filsys fs,
                bitmap->description = 0;
 
        size = (size_t) (((bitmap->real_end - bitmap->start) / 8) + 1);
+       /* Round up to allow for the BT x86 instruction */
+       size = (size + 7) & ~3;
        retval = ext2fs_get_mem(size, &bitmap->bitmap);
        if (retval) {
                ext2fs_free_mem(&bitmap->description);