Fix an out of boundary access in fat.c
From SD Specifications Part2 - File System
For Next Free Cluster, value FFFFFFFFh indicates that there exists
no information about the first available (free) cluster. It is a
valid value. However, fat.c doesn't check the value before using it
as an array index. This causes fsck_msdos to dump core with some
micro SD cards
Change-Id: Ibdec1655399d95c3ca98a4f4aaed1fd9bf459f33
Signed-off-by: Ethan <ethan.too@gmail.com>
diff --git a/fat.c b/fat.c
index 8871407..d07be09 100644
--- a/fat.c
+++ b/fat.c
@@ -692,16 +692,18 @@
ret = 1;
}
}
- if (boot->NumFree && fat[boot->FSNext].next != CLUST_FREE) {
- pwarn("Next free cluster in FSInfo block (%u) not free\n",
- boot->FSNext);
- if (ask(1, "Fix"))
- for (head = CLUST_FIRST; head < boot->NumClusters; head++)
- if (fat[head].next == CLUST_FREE) {
- boot->FSNext = head;
- ret = 1;
- break;
- }
+ if (boot->NumFree) {
+ if ((boot->FSNext >= boot->NumClusters) || (fat[boot->FSNext].next != CLUST_FREE)) {
+ pwarn("Next free cluster in FSInfo block (%u) not free\n",
+ boot->FSNext);
+ if (ask(1, "Fix"))
+ for (head = CLUST_FIRST; head < boot->NumClusters; head++)
+ if (fat[head].next == CLUST_FREE) {
+ boot->FSNext = head;
+ ret = 1;
+ break;
+ }
+ }
}
if (ret)
mod |= writefsinfo(dosfs, boot);
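Review bot: An FSInfo value of FFFFFFFFh, which the commit description calls valid, now lands in the `pwarn` branch and is reported as "not free" with a Fix prompt, because the added `boot->FSNext >= boot->NumClusters` test shares the old message. The bounds check itself is the right validation for a field read from removable media, but the report should separate an out-of-range value from an allocated cluster, for example `pwarn("Next free cluster in FSInfo block (%u) %s\n", boot->FSNext, boot->FSNext >= boot->NumClusters ? "invalid" : "not free");`. The "no information" sentinel could also be skipped without a warning. Only the upper bound is checked; the repair loop starts at `CLUST_FIRST`, so values below it are presumably reserved entries and may deserve the same rejection, which should be confirmed against the FAT layout used here. The enclosing function begins and ends outside this hunk, so any earlier validation of `FSNext` is not visible.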