From 51b4b398707497daa048a859bac59925921b101d Mon Sep 17 00:00:00 2001
From: Sami Kerola <kerolasa@iki.fi>
Date: Mon, 15 May 2017 11:54:43 +0100
Subject: [PATCH] fsck.minix: fix crash

disk-utils/fsck.minix.c:421:30: runtime error: index 513 out of bounds for
type 'unsigned short [512]'

Addresses: https://github.com/karelzak/util-linux/issues/373
Reported-by: Hanno Bock <hanno@gentoo.org>
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
---
 disk-utils/fsck.minix.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/disk-utils/fsck.minix.c b/disk-utils/fsck.minix.c
index 34fbfdf72..1b4d9b461 100644
--- a/disk-utils/fsck.minix.c
+++ b/disk-utils/fsck.minix.c
@@ -401,6 +401,7 @@ map_block(struct minix_inode *inode, unsigned int blknr) {
 	unsigned short ind[MINIX_BLOCK_SIZE >> 1];
 	unsigned short dind[MINIX_BLOCK_SIZE >> 1];
 	int blk_chg, block, result;
+	size_t range;
 
 	if (blknr < 7)
 		return check_zone_nr(inode->i_zone + blknr, &changed);
@@ -418,7 +419,12 @@ map_block(struct minix_inode *inode, unsigned int blknr) {
 	block = check_zone_nr(inode->i_zone + 8, &changed);
 	read_block(block, (char *)dind);
 	blk_chg = 0;
-	result = check_zone_nr(dind + (blknr / 512), &blk_chg);
+	range = blknr / 512;
+	if (ARRAY_SIZE(dind) <= range) {
+		printf(_("Warning: block out of range\n"));
+		return 1;
+	}
+	result = check_zone_nr(dind + range, &blk_chg);
 	if (blk_chg)
 		write_block(block, (char *)dind);
 	block = result;