f2fs: fix overflow due to condition check order

commit e87f7329bbd6760c2acc4f1eb423362b08851a71 upstream. In the last ilen case, i was already increased, resulting in accessing out- of-boundary entry of do_replace and blkaddr. Fix to check ilen first to exit the loop. Fixes: 2aa8fbb9693020 ("f2fs: refactor __exchange_data_block for speed up") Cc: stable@vger.kernel.org # 4.8+ Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
author: Jaegeuk Kim <jaegeuk@kernel.org> 2016-11-23 10:51:17 -0800
committer: Jaegeuk Kim <jaegeuk@google.com> 2017-09-25 15:01:52 -0700
commit: ab6f3626a82db73b2a490804fe6591750c5b2233 (patch)
tree: 1c87fd8eceedee47aae5e1728397011bc6c4995c /fs
parent: 91d38ba8414bdbe7161d2d02eddf5e671db0024d (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c
index c6e33258fabf..5c4ea4cf2fb1 100644
--- a/fs/f2fs/file.c
+++ b/fs/f2fs/file.c
@@ -971,7 +971,7 @@ static int __clone_blkaddrs(struct inode *src_inode, struct inode *dst_inode,
 				new_size = (dst + i) << PAGE_SHIFT;
 				if (dst_inode->i_size < new_size)
 					f2fs_i_size_write(dst_inode, new_size);
-			} while ((do_replace[i] || blkaddr[i] == NULL_ADDR) && --ilen);
+			} while (--ilen && (do_replace[i] || blkaddr[i] == NULL_ADDR));
 
 			f2fs_put_dnode(&dn);
 		} else {
author	Jaegeuk Kim <jaegeuk@kernel.org>	2016-11-23 10:51:17 -0800
committer	Jaegeuk Kim <jaegeuk@google.com>	2017-09-25 15:01:52 -0700
commit	ab6f3626a82db73b2a490804fe6591750c5b2233 (patch)
tree	1c87fd8eceedee47aae5e1728397011bc6c4995c /fs
parent	91d38ba8414bdbe7161d2d02eddf5e671db0024d (diff)