libext2fs: fix binary search for the icount and badblocks stores

Remove the interpolation because there is a bug in icount which can
cause a core dump if calculated range gets turned into a NaN and then
do an out-of-bounds array access.  We could fix this with some more
tests, but the complexity is such that nuking all of the interpolation
code will be faster than fixing the interpolation.

Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>

lib/ext2fs/badblocks.c

@@ -177,7 +177,7 @@ int ext2fs_u32_list_find(ext2_u32_list bb, __u32 blk)
 		return high;
 
 	while (low < high) {
-		mid = (low+high)/2;
+		mid = ((unsigned)low + (unsigned)high)/2;
 		if (mid == low || mid == high)
 			break;
 		if (blk == bb->list[mid])

lib/ext2fs/icount.c

@@ -363,31 +363,7 @@ static struct ext2_icount_el *get_icount_el(ext2_icount_t icount,
 	low = 0;
 	high = (int) icount->count-1;
 	while (low <= high) {
-#if 0
-		mid = (low+high)/2;
-#else
-		if (low == high)
-			mid = low;
-		else {
-			/* Interpolate for efficiency */
-			lowval = icount->list[low].ino;
-			highval = icount->list[high].ino;
-
-			if (ino < lowval)
-				range = 0;
-			else if (ino > highval)
-				range = 1;
-			else {
-				range = ((float) (ino - lowval)) /
-					(highval - lowval);
-				if (range > 0.9)
-					range = 0.9;
-				if (range < 0.1)
-					range = 0.1;
-			}
-			mid = low + ((int) (range * (high-low)));
-		}
-#endif
+		mid = ((unsigned)low + (unsigned)high) >> 1;
 		if (ino == icount->list[mid].ino) {
 			icount->cursor = mid+1;
 			return &icount->list[mid];