From b56baf5bedccd3258643b09289f17ceab3ddea52 Mon Sep 17 00:00:00 2001
From: Yan <yanzheng@21cn.com>
Date: Mon, 29 Oct 2007 12:01:05 -0400
Subject: [PATCH] Minor fix for btrfs_csum_file_block.

Execution should goto label 'insert' when 'btrfs_next_leaf' return a
non-zero value, otherwise the parameter 'slot' for
'btrfs_item_key_to_cpu' may be out of bounds. The original codes jump
to  label 'insert' only when 'btrfs_next_leaf' return a negative
value.

Signed-off-by: Chris Mason <chris.mason@oracle.com>
---
 fs/btrfs/file-item.c | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/fs/btrfs/file-item.c b/fs/btrfs/file-item.c
index 482a2b615327..7eb9a5412e2f 100644
--- a/fs/btrfs/file-item.c
+++ b/fs/btrfs/file-item.c
@@ -178,13 +178,11 @@ int btrfs_csum_file_block(struct btrfs_trans_handle *trans,
 		nritems = btrfs_header_nritems(path->nodes[0]);
 		if (path->slots[0] >= nritems - 1) {
 			ret = btrfs_next_leaf(root, path);
-			if (ret == 1) {
+			if (ret == 1)
 				found_next = 1;
-			} else if (ret == 0) {
-				slot = 0;
-			} else {
+			if (ret != 0)
 				goto insert;
-			}
+			slot = 0;
 		}
 		btrfs_item_key_to_cpu(path->nodes[0], &found_key, slot);
 		if (found_key.objectid != objectid ||
@@ -238,7 +236,7 @@ insert:
 	csum_offset = 0;
 	if (found_next) {
 		u64 tmp = min((u64)i_size_read(inode), next_offset);
-		tmp -= offset + root->sectorsize - 1;
+		tmp -= offset & ~((u64)root->sectorsize -1);
 		tmp >>= root->fs_info->sb->s_blocksize_bits;
 		tmp = max((u64)1, tmp);
 		tmp = min(tmp, (u64)MAX_CSUM_ITEMS(root));
-- 
2.34.1