[1mdiff --git a/fs/binfmt_flat.c b/fs/binfmt_flat.c[m
[1mindex dfc0197..ccb781a 100644[m
[1m--- a/fs/binfmt_flat.c[m
[1m+++ b/fs/binfmt_flat.c[m
[36m@@ -229,13 +229,13 @@ static int decompress_exec(
[m 	ret = 10;
[m 	if (buf[3] & EXTRA_FIELD) {
[m 		ret += 2 + buf[10] + (buf[11] << 8);
[m[31m-		if (unlikely(LBUFSIZE == ret)) {
[m[32m+[m		[32mif (unlikely(LBUFSIZE <= ret)) {[m
 			DBG_FLT("binfmt_flat: buffer overflow (EXTRA)?\n");
[m 			goto out_free_buf;
[m 		}
[m 	}
[m 	if (buf[3] & ORIG_NAME) {
[m[31m-		for (; ret < LBUFSIZE && (buf[ret] != 0); ret++)
[m[32m+[m		[32mwhile (ret < LBUFSIZE && buf[ret++] != 0)[m
 			;
[m 		if (unlikely(LBUFSIZE == ret)) {
[m 			DBG_FLT("binfmt_flat: buffer overflow (ORIG_NAME)?\n");
[m[36m@@ -243,7 +243,7 @@ static int decompress_exec(
[m 		}
[m 	}
[m 	if (buf[3] & COMMENT) {
[m[31m-		for (;  ret < LBUFSIZE && (buf[ret] != 0); ret++)
[m[32m+[m		[32mwhile (ret < LBUFSIZE && buf[ret++] != 0)[m
 			;
[m 		if (unlikely(LBUFSIZE == ret)) {
[m 			DBG_FLT("binfmt_flat: buffer overflow (COMMENT)?\n");
[m