From: Andreas Gruenbacher 64-bit pointer arithmetic bug in xattr code The int offset is not enought to hold the difference between arbitraty pointers on 64-bit machines. Compute the offset of here and last inside HDR(bh) instead. fs/ext2/xattr.c | 8 +++++--- fs/ext3/xattr.c | 7 ++++--- 2 files changed, 9 insertions(+), 6 deletions(-)
diff -puN fs/ext2/xattr.c~xattr-arith-fix fs/ext2/xattr.c
--- 25/fs/ext2/xattr.c~xattr-arith-fix 2003-11-13 09:44:20.000000000 -0800
+++ 25-akpm/fs/ext2/xattr.c 2003-11-13 09:44:20.000000000 -0800
@@ -617,9 +617,11 @@ bad_block: ext2_error(sb, "ext2_xattr_s
 goto cleanup;
 memcpy(header, HDR(bh), bh->b_size);
 header->h_refcount = cpu_to_le32(1);
- offset = (char *)header - bh->b_data;
- here = ENTRY((char *)here + offset);
- last = ENTRY((char *)last + offset);
+
+ offset = (char *)here - bh->b_data;
+ here = ENTRY((char *)header + offset);
+ offset = (char *)last - bh->b_data;
+ last = ENTRY((char *)header + offset);
 }
 } else {
 /* Allocate a buffer where we construct the new block. */
diff -puN fs/ext3/xattr.c~xattr-arith-fix fs/ext3/xattr.c
--- 25/fs/ext3/xattr.c~xattr-arith-fix 2003-11-13 09:44:20.000000000 -0800
+++ 25-akpm/fs/ext3/xattr.c 2003-11-13 09:44:20.000000000 -0800
@@ -629,9 +629,10 @@ bad_block: ext3_error(sb, "ext3_xattr_s
 goto cleanup;
 memcpy(header, HDR(bh), bh->b_size);
 header->h_refcount = cpu_to_le32(1);
- offset = (char *)header - bh->b_data;
- here = ENTRY((char *)here + offset);
- last = ENTRY((char *)last + offset);
+ offset = (char *)here - bh->b_data;
+ here = ENTRY((char *)header + offset);
+ offset = (char *)last - bh->b_data;
+ last = ENTRY((char *)header + offset);
 }
 } else {
 /* Allocate a buffer where we construct the new block. */
_
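Review bot: The new `offset = (char *)here - bh->b_data;` and `offset = (char *)last - bh->b_data;` are only safe while `here` and `last` point inside the `bh->b_size` bytes just copied by the `memcpy`, and nothing in the hunk states or checks that. Per the description `offset` is still an `int` declared outside the hunk, so the pointer difference is narrowed on 64-bit and a pointer outside the block would again yield a wrong entry address in the private copy. I would record the invariant above the assignments, e.g. `/* here and last point into bh->b_data; rebase them onto the private copy */`, and consider a pointer-sized type such as `ptrdiff_t` for the variable if its other uses allow it. The same applies to the fs/ext3/xattr.c hunk. The enclosing function starts and ends outside both hunks, so the declaration of `offset` and the origin of `here`/`last` need to be confirmed there.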