vvfat: fix out of bounds array_get usage When reading the address of the first free entry, you cannot use array_get without first marking all entries as occupied. This is visible if you change the sectors per cluster on a floppy from 2 to 1. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>

commit: 2b6a43a835e5082dedc6a5eea39a59463f97c81c [log] [tgz]
author: Paolo Bonzini <pbonzini@redhat.com> Wed Oct 05 09:12:03 2011 +0200
committer: Kevin Wolf <kwolf@redhat.com> Fri Nov 04 15:42:44 2011 +0100
tree: 93ac44583b153d77d22cbdcb3d24bd91f9d555a5
parent: 756f51e408febecdaff041f096527b820e857762 [diff]
diff --git a/block/vvfat.c b/block/vvfat.c
index e1fcdbc..75d0dc0 100644
--- a/block/vvfat.c
+++ b/block/vvfat.c

@@ -799,6 +799,7 @@
 	/* root directory */
 	int cur = s->directory.next;
 	array_ensure_allocated(&(s->directory), ROOT_ENTRIES - 1);
+	s->directory.next = ROOT_ENTRIES;
 	memset(array_get(&(s->directory), cur), 0,
 		(ROOT_ENTRIES - cur) * sizeof(direntry_t));
     }
commit	2b6a43a835e5082dedc6a5eea39a59463f97c81c	[log] [tgz]
author	Paolo Bonzini <pbonzini@redhat.com>	Wed Oct 05 09:12:03 2011 +0200
committer	Kevin Wolf <kwolf@redhat.com>	Fri Nov 04 15:42:44 2011 +0100
tree	93ac44583b153d77d22cbdcb3d24bd91f9d555a5
parent	756f51e408febecdaff041f096527b820e857762 [diff]