From 847a2179d07c2779c9c13ed2dad0dc490f95da88 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Duval?= <korli@users.berlios.de>
Date: Sun, 9 Jan 2011 10:24:32 +0000
Subject: [PATCH] data[maxIndex] can only be accessed safely when maxBit is non
 zero. I missed this in r40143. This bug only happens for bitmaps with unusual
 lengths (often the last blockgroup block bitmap) and which happen to be full.
 Should fix #7074.

git-svn-id: file:///srv/svn/repos/haiku/haiku/trunk@40175 a95241bf-73f2-0310-859d-f6bbb57e9c96
---
 .../kernel/file_systems/ext2/BitmapBlock.cpp        | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/src/add-ons/kernel/file_systems/ext2/BitmapBlock.cpp b/src/add-ons/kernel/file_systems/ext2/BitmapBlock.cpp
index 0c3219e700..d8ec0b4d37 100644
--- a/src/add-ons/kernel/file_systems/ext2/BitmapBlock.cpp
+++ b/src/add-ons/kernel/file_systems/ext2/BitmapBlock.cpp
@@ -410,7 +410,7 @@ BitmapBlock::FindNextMarked(uint32& pos)
 	TRACE("BitmapBlock::FindNextMarked(): index: %lu, bit: %lu, mask: %lX, "
 		"bits: %lX\n", index, bit, mask, bits);
 
-	bits = bits & ~mask;
+	bits &= ~mask;
 	uint32 maxBit = 32;
 
 	if (bits == 0) {
@@ -422,7 +422,6 @@ BitmapBlock::FindNextMarked(uint32& pos)
 			index++;
 		} while (index < maxIndex && data[index] == 0);
 
-		bits = B_LENDIAN_TO_HOST_INT32(data[index]);
 		if (index >= maxIndex) {
 			maxBit = fNumBits & 0x1F;
 
@@ -433,14 +432,15 @@ BitmapBlock::FindNextMarked(uint32& pos)
 				pos = fNumBits;
 				return;
 			}
+			bits = B_LENDIAN_TO_HOST_INT32(data[maxIndex]);
 			mask = (1 << maxBit) - 1;
 			if ((bits & mask) == 0) {
 				pos = fNumBits;
 				return;
 			}
 			maxBit++;
-		}
-
+		} else
+			bits = B_LENDIAN_TO_HOST_INT32(data[index]);
 		bit = 0;
 	}
 
@@ -493,7 +493,6 @@ BitmapBlock::FindNextUnmarked(uint32& pos)
 			index++;
 		} while (index < maxIndex && data[index] == 0xFFFFFFFF);
 
-		bits = B_LENDIAN_TO_HOST_INT32(data[index]);
 		if (index >= maxIndex) {
 			maxBit = fNumBits & 0x1F;
 
@@ -504,13 +503,15 @@ BitmapBlock::FindNextUnmarked(uint32& pos)
 				pos = fNumBits;
 				return;
 			}
+			bits = B_LENDIAN_TO_HOST_INT32(data[maxIndex]);
 			mask = (1 << maxBit) - 1;
 			if ((bits & mask) == mask) {
 				pos = fNumBits;
 				return;
 			}
 			maxBit++;
-		}
+		} else
+			bits = B_LENDIAN_TO_HOST_INT32(data[index]);
 		bit = 0;
 	}