fix completely bogus loop condition in getmntent_r

somehow this worked on my simple fstab, but horribly broke in general,
leading to use of uninitialized offset array and crashes.

diff --git a/src/linux/mntent.c b/src/linux/mntent.c
index 26d045c..48c85bd 100644 (file)
--- a/src/linux/mntent.c
+++ b/src/linux/mntent.c
@@ -26,7 +26,7 @@ struct mntent *getmntent_r(FILE *f, struct mntent *mnt, char *linebuf, int bufle
                cnt = sscanf(linebuf, " %n%*s%n %n%*s%n %n%*s%n %n%*s%n %d %d",
                        n, n+1, n+2, n+3, n+4, n+5, n+6, n+7,
                        &mnt->mnt_freq, &mnt->mnt_passno);
-       } while (cnt >= 8 && linebuf[n[0]] != '#');
+       } while (cnt < 2 || linebuf[n[0]] == '#');
 
        linebuf[n[1]] = 0;
        linebuf[n[3]] = 0;