From: Martin Peschke <mp3@de.ibm.com>

Values outside the range covered by a histogram with linear scale resulted
in invalid indices pointing to non-existing 'buckets'.  Index is adjusted
to array boundaries, if required.

Signed-off-by: Martin Peschke <mp3@de.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
---

 lib/statistic.c |    7 +++++--
 1 files changed, 5 insertions(+), 2 deletions(-)

diff -puN lib/statistic.c~statistics-infrastructure-fix-buffer-overflow-in-histogram-with-linear lib/statistic.c
--- a/lib/statistic.c~statistics-infrastructure-fix-buffer-overflow-in-histogram-with-linear
+++ a/lib/statistic.c
@@ -1028,9 +1028,12 @@ static s64 statistic_histogram_calc_valu
 
 static int statistic_histogram_calc_index_lin(struct statistic *stat, s64 value)
 {
-	unsigned long long i = value - stat->u.histogram.range_min;
+	unsigned long long i;
+	if (value <= stat->u.histogram.range_min)
+		return 0;
+	i = value - stat->u.histogram.range_min;
 	do_div(i, stat->u.histogram.base_interval);
-	return i;
+	return min(i, (unsigned long long)(stat->u.histogram.last_index));
 }
 
 static int statistic_histogram_calc_index_log2(struct statistic *stat,
_