jfs: Fix array-index-out-of-bounds in diFree

jira VULN-44735
cve CVE-2024-43858
commit-author Jeongjun Park <aha310510@gmail.com>
commit f73f969

	Reported-by: syzbot+241c815bda521982cb49@syzkaller.appspotmail.com
Fixes: 1da177e ("Linux-2.6.12-rc2")
	Signed-off-by: Jeongjun Park <aha310510@gmail.com>
	Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
(cherry picked from commit f73f969)
	Signed-off-by: Pratham Patel <ppatel@ciq.com>

Author: thefossguy-ciq

fs/jfs/jfs_imap.c

@@ -304,7 +304,7 @@ int diSync(struct inode *ipimap)
 int diRead(struct inode *ip)
 {
 	struct jfs_sb_info *sbi = JFS_SBI(ip->i_sb);
-	int iagno, ino, extno, rc;
+	int iagno, ino, extno, rc, agno;
 	struct inode *ipimap;
 	struct dinode *dp;
 	struct iag *iagp;
@@ -353,8 +353,11 @@ int diRead(struct inode *ip)
 
 	/* get the ag for the iag */
 	agstart = le64_to_cpu(iagp->agstart);
+	agno = BLKTOAG(agstart, JFS_SBI(ip->i_sb));
 
 	release_metapage(mp);
+	if (agno >= MAXAG || agno < 0)
+		return -EIO;
 
 	rel_inode = (ino & (INOSPERPAGE - 1));
 	pageno = blkno >> sbi->l2nbperpage;