data[maxIndex] can only be accessed safely when maxBit is non zero. I missed this in r40143.

This bug only happens for bitmaps with unusual lengths (often the last blockgroup block bitmap) and which happen to be full.
Should fix #7074.


git-svn-id: file:///srv/svn/repos/haiku/haiku/trunk@40175 a95241bf-73f2-0310-859d-f6bbb57e9c96

src/add-ons/kernel/file_systems/ext2/BitmapBlock.cpp

@@ -410,7 +410,7 @@ BitmapBlock::FindNextMarked(uint32& pos)
 	TRACE("BitmapBlock::FindNextMarked(): index: %lu, bit: %lu, mask: %lX, "
 		"bits: %lX\n", index, bit, mask, bits);
 
-	bits = bits & ~mask;
+	bits &= ~mask;
 	uint32 maxBit = 32;
 
 	if (bits == 0) {
@@ -422,7 +422,6 @@ BitmapBlock::FindNextMarked(uint32& pos)
 			index++;
 		} while (index < maxIndex && data[index] == 0);
 
-		bits = B_LENDIAN_TO_HOST_INT32(data[index]);
 		if (index >= maxIndex) {
 			maxBit = fNumBits & 0x1F;
 
@@ -433,14 +432,15 @@ BitmapBlock::FindNextMarked(uint32& pos)
 				pos = fNumBits;
 				return;
 			}
+			bits = B_LENDIAN_TO_HOST_INT32(data[maxIndex]);
 			mask = (1 << maxBit) - 1;
 			if ((bits & mask) == 0) {
 				pos = fNumBits;
 				return;
 			}
 			maxBit++;
-		}
+		} else
-
+			bits = B_LENDIAN_TO_HOST_INT32(data[index]);
 		bit = 0;
 	}
 
@@ -493,7 +493,6 @@ BitmapBlock::FindNextUnmarked(uint32& pos)
 			index++;
 		} while (index < maxIndex && data[index] == 0xFFFFFFFF);
 
-		bits = B_LENDIAN_TO_HOST_INT32(data[index]);
 		if (index >= maxIndex) {
 			maxBit = fNumBits & 0x1F;
 
@@ -504,13 +503,15 @@ BitmapBlock::FindNextUnmarked(uint32& pos)
 				pos = fNumBits;
 				return;
 			}
+			bits = B_LENDIAN_TO_HOST_INT32(data[maxIndex]);
 			mask = (1 << maxBit) - 1;
 			if ((bits & mask) == mask) {
 				pos = fNumBits;
 				return;
 			}
 			maxBit++;
-		}
+		} else
+			bits = B_LENDIAN_TO_HOST_INT32(data[index]);
 		bit = 0;
 	}