1 files changed, 19 insertions, 14 deletions

diff --git a/fs/fat/inode.c b/fs/fat/inode.c
index e123a9f16..e018eb880 100644
--- a/fs/fat/inode.c
+++ b/fs/fat/inode.c
@@ -243,16 +243,16 @@ static int parse_options(char *options,int *fat, int *blksize, int *debug,
 					ret = 0;
 			}
 		}
-                else if (!strcmp(this_char,"cvf_format")) {
-                        if (!value)
-                                return 0;
-                        strncpy(cvf_format,value,20);
-                }
-                else if (!strcmp(this_char,"cvf_options")) {
-                        if (!value)
-                                return 0;
-                        strncpy(cvf_options,value,100);
-                }
+		else if (!strcmp(this_char,"cvf_format")) {
+			if (!value)
+				return 0;
+			strncpy(cvf_format,value,20);
+		}
+		else if (!strcmp(this_char,"cvf_options")) {
+			if (!value)
+				return 0;
+			strncpy(cvf_options,value,100);
+		}
 
 		if (this_char != options) *(this_char-1) = ',';
 		if (value) *savep = save;
@@ -302,7 +302,7 @@ fat_read_super(struct super_block *sb, void *data, int silent)
 
 	opts.isvfat = MSDOS_SB(sb)->options.isvfat;
 	if (!parse_options((char *) data, &fat, &blksize, &debug, &opts, 
-	                   cvf_format, cvf_options)
+			   cvf_format, cvf_options)
 	    || (blksize != 512 && blksize != 1024 && blksize != 2048))
 		goto out_fail;
 	/* N.B. we should parse directly into the sb structure */
@@ -364,6 +364,11 @@ fat_read_super(struct super_block *sb, void *data, int silent)
 		MSDOS_SB(sb)->root_cluster = CF_LE_L(b->root_cluster);
 		MSDOS_SB(sb)->fsinfo_offset =
 			CF_LE_W(b->info_sector) * logical_sector_size + 0x1e0;
+		if (MSDOS_SB(sb)->fsinfo_offset + sizeof(struct fat_boot_fsinfo) > sb->s_blocksize) {
+			printk("fat_read_super: Bad fsinfo_offset\n");
+			fat_brelse(sb, bh);
+			goto out_invalid;
+		}
 		fsinfo = (struct fat_boot_fsinfo *)
 			&bh->b_data[MSDOS_SB(sb)->fsinfo_offset];
 		if (CF_LE_L(fsinfo->signature) != 0x61417272) {
@@ -428,7 +433,7 @@ fat_read_super(struct super_block *sb, void *data, int silent)
 		       MSDOS_SB(sb)->fat_bits,opts.name_check,
 		       opts.conversion,opts.fs_uid,opts.fs_gid,opts.fs_umask,
 		       MSDOS_CAN_BMAP(MSDOS_SB(sb)) ? ",bmap" : "");
-		printk("[me=0x%x,cs=%d,#f=%d,fs=%d,fl=%d,ds=%d,de=%d,data=%d,"
+		printk("[me=0x%x,cs=%d,#f=%d,fs=%d,fl=%ld,ds=%ld,de=%d,data=%ld,"
 		       "se=%d,ts=%ld,ls=%d,rc=%ld,fc=%u]\n",
 			b->media,MSDOS_SB(sb)->cluster_size,
 			MSDOS_SB(sb)->fats,MSDOS_SB(sb)->fat_start,
@@ -519,10 +524,10 @@ int fat_statfs(struct super_block *sb,struct statfs *buf, int bufsiz)
 	int free,nr;
 	struct statfs tmp;
        
-        if (MSDOS_SB(sb)->cvf_format &&
+	if (MSDOS_SB(sb)->cvf_format &&
 	    MSDOS_SB(sb)->cvf_format->cvf_statfs)
 		return MSDOS_SB(sb)->cvf_format->cvf_statfs(sb,buf,bufsiz);
-          
+	  
 	lock_fat(sb);
 	if (MSDOS_SB(sb)->free_clusters != -1)
 		free = MSDOS_SB(sb)->free_clusters;