From a0cff5c1ac0432a707354ae6717abfae269fcdb8 Mon Sep 17 00:00:00 2001
From: Timo Warns <Warns@Pre-Sense.DE>
Date: Tue, 9 Aug 2011 09:40:47 +0200
Subject: [PATCH] libblkid: befs validate di_br_size !=0 and br_per_di_br != 0

Validate that di_br_size !=0 and br_per_di_br != 0. If one of them is 0, a
division-by-zero error will be triggered.

Signed-off-by: Timo Warns <warns@pre-sense.de>
---
 libblkid/src/superblocks/befs.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/libblkid/src/superblocks/befs.c b/libblkid/src/superblocks/befs.c
index 62414ec61f..930429a58d 100644
--- a/libblkid/src/superblocks/befs.c
+++ b/libblkid/src/superblocks/befs.c
@@ -200,9 +200,16 @@ unsigned char *get_tree_node(blkid_probe pr, const struct befs_super_block *bs,
 		int64_t di_br_size, br_per_di_br, di_index, i_index;
 
 		start -= (int64_t) FS64_TO_CPU(ds->max_indirect_range, fs_le);
+
 		di_br_size = (int64_t) FS16_TO_CPU(ds->double_indirect.len,
 				fs_le) << FS32_TO_CPU(bs->block_shift, fs_le);
+		if (di_br_size == 0)
+			return NULL;
+
 		br_per_di_br = di_br_size / sizeof(struct block_run);
+		if (br_per_di_br == 0)
+			return NULL;
+
 		di_index = start / (br_per_di_br * di_br_size);
 		i_index = (start % (br_per_di_br * di_br_size)) / di_br_size;
 		start = (start % (br_per_di_br * di_br_size)) % di_br_size;
-- 
2.47.3