ocfs2: Fix memory overflow in cow_by_page.

In ocfs2_duplicate_clusters_by_page, we calculate map_end by shifting page_index. But actually in case we meet with a large offset(say in a i686 box, poff_t is only 32 bits and page_index=2056240), we will overflow. So change the type of page_index to loff_t. Signed-off-by: Tao Ma <tao.ma@oracle.com> Signed-off-by: Joel Becker <joel.becker@oracle.com>
author: Tao Ma <tao.ma@oracle.com> 2010-01-30 10:32:19 -0500
committer: Joel Becker <joel.becker@oracle.com> 2010-02-02 21:14:20 -0500
commit: d622b89a2f58613a9c1407b22b02aecdd2187a7c (patch)
tree: 4987446f5308b324e74dd4bcc0da7c15f728d019 /fs/ocfs2/refcounttree.c
parent: 26636bf6b2010aa84c54d577231e017ba71493d0 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/fs/ocfs2/refcounttree.c b/fs/ocfs2/refcounttree.c
index 74db2be75dd6..5b64468de0b0 100644
--- a/fs/ocfs2/refcounttree.c
+++ b/fs/ocfs2/refcounttree.c
@@ -2945,7 +2945,7 @@ static int ocfs2_duplicate_clusters_by_page(handle_t *handle,
        while (offset < end) {
                page_index = offset >> PAGE_CACHE_SHIFT;
-                map_end = (page_index + 1) << PAGE_CACHE_SHIFT;
+                map_end = ((loff_t)page_index + 1) << PAGE_CACHE_SHIFT;
                if (map_end > end)
                        map_end = end;
@@ -3170,7 +3170,7 @@ static int ocfs2_cow_sync_writeback(struct super_block *sb,
        while (offset < end) {
                page_index = offset >> PAGE_CACHE_SHIFT;
-                map_end = (page_index + 1) << PAGE_CACHE_SHIFT;
+                map_end = ((loff_t)page_index + 1) << PAGE_CACHE_SHIFT;
                if (map_end > end)
                        map_end = end;
author	Tao Ma <tao.ma@oracle.com>	2010-01-30 10:32:19 -0500
committer	Joel Becker <joel.becker@oracle.com>	2010-02-02 21:14:20 -0500
commit	d622b89a2f58613a9c1407b22b02aecdd2187a7c (patch)
tree	4987446f5308b324e74dd4bcc0da7c15f728d019 /fs/ocfs2/refcounttree.c
parent	26636bf6b2010aa84c54d577231e017ba71493d0 (diff)

diff --git a/fs/ocfs2/refcounttree.c b/fs/ocfs2/refcounttree.c index 74db2be75dd6..5b64468de0b0 100644 --- a/fs/ocfs2/refcounttree.c +++ b/fs/ocfs2/refcounttree.c
@@ -2945,7 +2945,7 @@ static int ocfs2_duplicate_clusters_by_page(handle_t *handle,
2945		2945
2946	while (offset < end) {	2946	while (offset < end) {
2947	page_index = offset >> PAGE_CACHE_SHIFT;	2947	page_index = offset >> PAGE_CACHE_SHIFT;
2948	map_end = (page_index + 1) << PAGE_CACHE_SHIFT;	2948	map_end = ((loff_t)page_index + 1) << PAGE_CACHE_SHIFT;
2949	if (map_end > end)	2949	if (map_end > end)
2950	map_end = end;	2950	map_end = end;
2951		2951
@@ -3170,7 +3170,7 @@ static int ocfs2_cow_sync_writeback(struct super_block *sb,
3170		3170
3171	while (offset < end) {	3171	while (offset < end) {
3172	page_index = offset >> PAGE_CACHE_SHIFT;	3172	page_index = offset >> PAGE_CACHE_SHIFT;
3173	map_end = (page_index + 1) << PAGE_CACHE_SHIFT;	3173	map_end = ((loff_t)page_index + 1) << PAGE_CACHE_SHIFT;
3174	if (map_end > end)	3174	if (map_end > end)
3175	map_end = end;	3175	map_end = end;
3176		3176