lib/mpi: fix off by one in mpi_read_raw_from_sgl
authorStephan Mueller <smueller@chronox.de>
Sun, 18 Oct 2015 10:45:18 +0000 (12:45 +0200)
committerHerbert Xu <herbert@gondor.apana.org.au>
Tue, 20 Oct 2015 14:10:47 +0000 (22:10 +0800)
The patch fixes the analysis of the input data which contains an off
by one.

The issue is visible when the SGL contains one byte per SG entry.
The code for checking for zero bytes does not operate on the data byte.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
lib/mpi/mpicoder.c

index c20ef27ad87675a15ee8ca25e9d2d19798268e7b..c7e0a705eecfb1c389dcef39ee4f97c451728d44 100644 (file)
@@ -446,8 +446,11 @@ MPI mpi_read_raw_from_sgl(struct scatterlist *sgl, unsigned int len)
                const u8 *buff = sg_virt(sg);
                int len = sg->length;
 
-               while (len-- && !*buff++)
+               while (len && !*buff) {
                        lzeros++;
+                       len--;
+                       buff++;
+               }
 
                if (len && *buff)
                        break;