block: fix infinite loop in badblocks_clear()

An infinite loop can occur in _badblocks_clear() when BB_OFFSET(p[prev + 1])
equals bad.start, resulting in len = 0. This causes the update_sectors loop
to spin forever without making progress:

    s += 0;         // no advancement
    sectors -= 0;   // stays positive
    goto re_clear;  // infinite loop

The bug exists in two code paths:
1. _badblocks_clear() at line 1153 (behind overlap check)
2. _badblocks_check() at line 1240 (behind overlap check)

Add checks in both functions to ensure len is non-zero before entering
the loop.

Signed-off-by: Ramesh Adhikari <[email protected]>

Author: SilentSobs

block/badblocks.c

@@ -1151,6 +1151,10 @@ static bool _badblocks_clear(struct badblocks *bb, sector_t s, sector_t sectors)
 	/* Not front overlap, but behind overlap */
 	if ((prev + 1) < bb->count && overlap_behind(bb, &bad, prev + 1)) {
 		len = BB_OFFSET(p[prev + 1]) - bad.start;
+		if (len == 0) {
+			pr_warn_once("badblocks_clear: zero-length segment detected\n");
+			len = 1;
+		}
 		hint = prev + 1;
 		/* Clear non-bad range should be treated as successful */
 		cleared++;
@@ -1234,6 +1238,10 @@ static int _badblocks_check(struct badblocks *bb, sector_t s, sector_t sectors,
 	/* Not front overlap, but behind overlap */
 	if ((prev + 1) < bb->count && overlap_behind(bb, &bad, prev + 1)) {
 		len = BB_OFFSET(p[prev + 1]) - bad.start;
+		if (len == 0) {
+			pr_warn_once("badblocks_check: zero-length segment detected\n");
+			len = 1;
+		}
 		hint = prev + 1;
 		goto update_sectors;
 	}