From: Daniel Axtens <dja@axtens.net>
Date: Sat, 14 Jan 2023 13:19:50 +0000 (+1100)
Subject: fs/f2fs: Fix off-by-one error in nat journal entries check
X-Git-Tag: grub-2.12-rc1~152
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4de39a2af6521631d24978eb23035b7608949174;p=thirdparty%2Fgrub.git

fs/f2fs: Fix off-by-one error in nat journal entries check

Oops. You're allowed to have up to n = NAT_JOURNAL_ENTRIES entries
_inclusive_, because the loop below uses i < n, not i <= n. D'oh.

Fixes: 4bd9877f6216 (fs/f2fs: Do not read past the end of nat journal entries)

Reported-by: программист нект <programmer11180@programist.ru>
Tested-by: программист нект <programmer11180@programist.ru>
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---

diff --git a/grub-core/fs/f2fs.c b/grub-core/fs/f2fs.c
index df6beb544..855e24618 100644
--- a/grub-core/fs/f2fs.c
+++ b/grub-core/fs/f2fs.c
@@ -650,7 +650,7 @@ get_blkaddr_from_nat_journal (struct grub_f2fs_data *data, grub_uint32_t nid,
   grub_uint16_t n = grub_le_to_cpu16 (data->nat_j.n_nats);
   grub_uint16_t i;
 
-  if (n >= NAT_JOURNAL_ENTRIES)
+  if (n > NAT_JOURNAL_ENTRIES)
     return grub_error (GRUB_ERR_BAD_FS,
                        "invalid number of nat journal entries");