jffs2: Fix rtime decompressor

The fix for a memory corruption contained a off-by-one error and
caused the compressor to fail in legit cases.

Cc: Kinsey Moore <kinsey.moore@oarcorp.com>
Cc: stable@vger.kernel.org
Fixes: fe051552f5078 ("jffs2: Prevent rtime decompress memory corruption")
Signed-off-by: Richard Weinberger <richard@nod.at>

diff --git a/fs/jffs2/compr_rtime.c b/fs/jffs2/compr_rtime.c
index 2b9ef713b844afa71ab047c23a244b76c2bce6a1..3bd9d2f3bece203b1dd6814800d0a382ece8a416 100644 (file)
--- a/fs/jffs2/compr_rtime.c
+++ b/fs/jffs2/compr_rtime.c
@@ -95,7 +95,7 @@ static int jffs2_rtime_decompress(unsigned char *data_in,
 
                positions[value]=outpos;
                if (repeat) {
-                       if ((outpos + repeat) >= destlen) {
+                       if ((outpos + repeat) > destlen) {
                                return 1;
                        }
                        if (backoffs + repeat >= outpos) {