Btrfs: fix array bound checking

Otherwise we can execced the array bound of path->slots[]. Signed-off-by: Li Zefan <lizf@cn.fujitsu.com>
author: Li Zefan <lizf@cn.fujitsu.com> 2011-09-06 04:55:34 -0400
committer: David Sterba <dsterba@suse.cz> 2011-10-20 12:10:41 -0400
commit: a05a9bb18ae0abec0b513b5fde876c47905fa13e (patch)
tree: 80a74076bdbb86da8f02a209603526e5c0f524bb /fs/btrfs/ctree.c
parent: f4c697e6406da5dd445eda8d923c53e1138793dd (diff)
1 files changed, 6 insertions, 4 deletions
diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c
index 011cab3aca8d..0fe615e4ea38 100644
--- a/fs/btrfs/ctree.c
+++ b/fs/btrfs/ctree.c
@@ -902,9 +902,10 @@ static noinline int balance_level(struct btrfs_trans_handle *trans,
        orig_ptr = btrfs_node_blockptr(mid, orig_slot);
-        if (level < BTRFS_MAX_LEVEL - 1)
+        if (level < BTRFS_MAX_LEVEL - 1) {
                parent = path->nodes[level + 1];
-        pslot = path->slots[level + 1];
+                pslot = path->slots[level + 1];
+        }
        /*
         * deal with the case where there is only one pointer in the root
@@ -1107,9 +1108,10 @@ static noinline int push_nodes_for_insert(struct btrfs_trans_handle *trans,
        mid = path->nodes[level];
        WARN_ON(btrfs_header_generation(mid) != trans->transid);
-        if (level < BTRFS_MAX_LEVEL - 1)
+        if (level < BTRFS_MAX_LEVEL - 1) {
                parent = path->nodes[level + 1];
-        pslot = path->slots[level + 1];
+                pslot = path->slots[level + 1];
+        }
        if (!parent)
                return 1;
author	Li Zefan <lizf@cn.fujitsu.com>	2011-09-06 04:55:34 -0400
committer	David Sterba <dsterba@suse.cz>	2011-10-20 12:10:41 -0400
commit	a05a9bb18ae0abec0b513b5fde876c47905fa13e (patch)
tree	80a74076bdbb86da8f02a209603526e5c0f524bb /fs/btrfs/ctree.c
parent	f4c697e6406da5dd445eda8d923c53e1138793dd (diff)