From a4aff9ca5bcc3df76dcb3d49765674feba3d7654 Mon Sep 17 00:00:00 2001 From: Theodore Ts'o Date: Wed, 31 Aug 2011 14:27:21 -0400 Subject: [PATCH] libext2fs: fix binary search for the icount and badblocks stores Remove the interpolation because there is a bug in icount which can cause a core dump if calculated range gets turned into a NaN and then do an out-of-bounds array access. We could fix this with some more tests, but the complexity is such that nuking all of the interpolation code will be faster than fixing the interpolation. Signed-off-by: "Theodore Ts'o" --- lib/ext2fs/badblocks.c | 2 +- lib/ext2fs/icount.c | 26 +------------------------- 2 files changed, 2 insertions(+), 26 deletions(-) diff --git a/lib/ext2fs/badblocks.c b/lib/ext2fs/badblocks.c index 5eb28b78..4312e190 100644 --- a/lib/ext2fs/badblocks.c +++ b/lib/ext2fs/badblocks.c @@ -177,7 +177,7 @@ int ext2fs_u32_list_find(ext2_u32_list bb, __u32 blk) return high; while (low < high) { - mid = (low+high)/2; + mid = ((unsigned)low + (unsigned)high)/2; if (mid == low || mid == high) break; if (blk == bb->list[mid]) diff --git a/lib/ext2fs/icount.c b/lib/ext2fs/icount.c index 43cc53e1..9223f662 100644 --- a/lib/ext2fs/icount.c +++ b/lib/ext2fs/icount.c @@ -363,31 +363,7 @@ static struct ext2_icount_el *get_icount_el(ext2_icount_t icount, low = 0; high = (int) icount->count-1; while (low <= high) { -#if 0 - mid = (low+high)/2; -#else - if (low == high) - mid = low; - else { - /* Interpolate for efficiency */ - lowval = icount->list[low].ino; - highval = icount->list[high].ino; - - if (ino < lowval) - range = 0; - else if (ino > highval) - range = 1; - else { - range = ((float) (ino - lowval)) / - (highval - lowval); - if (range > 0.9) - range = 0.9; - if (range < 0.1) - range = 0.1; - } - mid = low + ((int) (range * (high-low))); - } -#endif + mid = ((unsigned)low + (unsigned)high) >> 1; if (ino == icount->list[mid].ino) { icount->cursor = mid+1; return &icount->list[mid];