Merge tag 'regmap-3.4' into regmap-stride

regmap: Last minute bug fix for 3.4

This is a last minute bug fix that was only just noticed since the code
path that's being exercised here is one that is fairly rarely used.  The
changelog for the change itself is extremely clear and the code itself
is obvious to inspection so should be pretty safe.

Conflicts:
	drivers/base/regmap/regmap.c (overlap between the fix and stride code)

1 files changed, 11 insertions, 0 deletions

diff --git a/fs/hfsplus/dir.c b/fs/hfsplus/dir.c
index 88e155f895c..26b53fb09f6 100644
--- a/fs/hfsplus/dir.c
+++ b/fs/hfsplus/dir.c
@@ -150,6 +150,11 @@ static int hfsplus_readdir(struct file *filp, void *dirent, filldir_t filldir)
 		filp->f_pos++;
 		/* fall through */
 	case 1:
+		if (fd.entrylength > sizeof(entry) || fd.entrylength < 0) {
+			err = -EIO;
+			goto out;
+		}
+
 		hfs_bnode_read(fd.bnode, &entry, fd.entryoffset,
 			fd.entrylength);
 		if (be16_to_cpu(entry.type) != HFSPLUS_FOLDER_THREAD) {
@@ -181,6 +186,12 @@ static int hfsplus_readdir(struct file *filp, void *dirent, filldir_t filldir)
 			err = -EIO;
 			goto out;
 		}
+
+		if (fd.entrylength > sizeof(entry) || fd.entrylength < 0) {
+			err = -EIO;
+			goto out;
+		}
+
 		hfs_bnode_read(fd.bnode, &entry, fd.entryoffset,
 			fd.entrylength);
 		type = be16_to_cpu(entry.type);