>  ubifs_assert(c, p < c->gap_lebs + c->lst.idx_lebs);

I've done 50 problem reproduces on different flash devices and made sure that the assertion was not triggered. See record.txt for details.

-----邮件原件-----
发件人: chengzhihao 
发送时间: 2019年8月14日 9:20
收件人: 'Richard Weinberger' <richard.weinberger@gmail.com>
抄送: Richard Weinberger <richard@nod.at>; Sascha Hauer <s.hauer@pengutronix.de>; Artem Bityutskiy <dedekind1@gmail.com>; zhangyi (F) <yi.zhang@huawei.com>; linux-mtd@lists.infradead.org; LKML <linux-kernel@vger.kernel.org>
主题: 答复: [PATCH] ubifs: ubifs_tnc_start_commit: Fix OOB in layout_in_gaps

Sure, I'll do more tests on different machines to check the assertion. I'm trying to understand when this assertion will be triggered. Although I haven't found this assertion be triggered so far in several tests on x86_64(qemu).

-----邮件原件-----
发件人: Richard Weinberger [mailto:richard.weinberger@gmail.com] 
发送时间: 2019年8月14日 5:44
收件人: chengzhihao <chengzhihao1@huawei.com>
抄送: Richard Weinberger <richard@nod.at>; Sascha Hauer <s.hauer@pengutronix.de>; Artem Bityutskiy <dedekind1@gmail.com>; zhangyi (F) <yi.zhang@huawei.com>; linux-mtd@lists.infradead.org; LKML <linux-kernel@vger.kernel.org>
主题: Re: [PATCH] ubifs: ubifs_tnc_start_commit: Fix OOB in layout_in_gaps

On Tue, Jul 30, 2019 at 3:21 AM chengzhihao <chengzhihao1@huawei.com> wrote:
>
> OK, that's fine, and I will continue to understand more implementation code related to this part.

I think we can go with the realloc() approach for now.
Can you please check whether the assert() triggers?

-- 
Thanks,
//richard