From e7987e1b3bdea7912fdef923418c36800ba8cad7 Mon Sep 17 00:00:00 2001
From: Vladimir 'phcoder' Serbinenko <phcoder@gmail.com>
Date: Tue, 13 Dec 2011 23:15:56 +0100
Subject: [PATCH] 	* grub-core/fs/romfs.c (grub_romfs_mount): Fix pointer
 comparison 	overflow.

---
 ChangeLog            | 5 +++++
 grub-core/fs/romfs.c | 4 ++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 2859e1a7b..d3d7f0ea7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2011-12-13  Vladimir Serbinenko  <phcoder@gmail.com>
+
+	* grub-core/fs/romfs.c (grub_romfs_mount): Fix pointer comparison
+	overflow.
+
 2011-12-13  Vladimir Serbinenko  <phcoder@gmail.com>
 
 	* grub-core/fs/squash4.c (grub_squash_inode): Fix field sizes.
diff --git a/grub-core/fs/romfs.c b/grub-core/fs/romfs.c
index 76e13727d..11c844e91 100644
--- a/grub-core/fs/romfs.c
+++ b/grub-core/fs/romfs.c
@@ -112,7 +112,7 @@ grub_romfs_mount (grub_device_t dev)
   if (err)
     return NULL;
   for (ptr = sb.sb.label; (void *) ptr < (void *) (&sb + 1)
-	 && ptr < sb.d + grub_be_to_cpu32 (sb.sb.total_size); ptr++)
+	 && ptr - sb.d < (grub_ssize_t) grub_be_to_cpu32 (sb.sb.total_size); ptr++)
     if (!*ptr)
       break;
   if ((void *) ptr == &sb + 1)
@@ -124,7 +124,7 @@ grub_romfs_mount (grub_device_t dev)
 	if (err)
 	  return NULL;
 	for (ptr = sb.d; (void *) ptr < (void *) (&sb + 1)
-	       && ptr < sb.d + grub_be_to_cpu32 (sb.sb.total_size); ptr++)
+	       && ptr - sb.d < (grub_ssize_t) grub_be_to_cpu32 (sb.sb.total_size); ptr++)
 	  if (!*ptr)
 	    break;
       }