From 406956c0baac95ae27d49ec4ad1aa73b588771b6 Mon Sep 17 00:00:00 2001
From: NeilBrown <neilb@suse.de>
Date: Fri, 4 Mar 2011 12:47:31 +1100
Subject: [PATCH] stateblock: fix range check on maxsnapshot

Signed-off-by: NeilBrown <neilb@suse.de>
---
 super.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/super.c b/super.c
index 574952c..53ca542 100644
--- a/super.c
+++ b/super.c
@@ -199,9 +199,10 @@ valid_stateblock(struct lafs_state *st, struct lafs_dev *dv)
 
 	if (memcmp(st->uuid, dv->uuid, 16))
 		return 0;
-	/* FIXME cannot quite be that big! */
-	if (le32_to_cpu(st->maxsnapshot) > (1<<(dv->statebits-3)))
-		return 0;
+
+	if (sizeof(*st) + le32_to_cpu(st->maxsnapshot) * 8
+	    > (1<<dv->statebits))
+ 		return 0;
 
 	return 1;
 }
-- 
2.39.5