Linux Kernel ext4 Off-by-One Vulnerability in Fast-Commit Block Filling

Vulnerability

An off-by-one vulnerability has been identified in the Linux kernel's ext4 file system, specifically in how fast-commit blocks are filled with TLV (Type-Length-Value) entries. The issue arises either from several off-by-one errors or from a design change that was not properly implemented in the merged code. As a result, there are unusual constraints on filling fast-commit blocks. First, TLVs must start at least 10 bytes from the block's end, despite a minimum TLV length of 8 bytes, or the replay code will disregard them. Second, TLVs must finish at least 1 byte before the block's end, or the replay code will consider them invalid; this constraint led to a previous bug in which uninitialized memory was inadvertently written to disk.
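The two replay constraints described above, modelled as an added example (not kernel code and not part of the original entry): it shows which TLV placements fit inside a block yet would be disregarded or treated as invalid on replay. The 4096-byte block size, the function names and the fate labels are assumptions made for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Model of the constraints as stated in the description; not kernel code. */
#define TLV_MIN_LEN   8   /* minimum TLV length given in the description */
#define START_MARGIN 10   /* a TLV must start at least this far from the block end */
#define END_MARGIN    1   /* a TLV must finish at least this far before the block end */

enum tlv_fate { TLV_REPLAYED, TLV_IGNORED, TLV_INVALID, TLV_DOES_NOT_FIT };

/* Classify a TLV occupying bytes [start, start + len) of a block. */
enum tlv_fate classify_tlv(size_t block_size, size_t start, size_t len)
{
    if (len < TLV_MIN_LEN || start > block_size || len > block_size - start)
        return TLV_DOES_NOT_FIT;   /* cannot be placed here at all */
    if (start + START_MARGIN > block_size)
        return TLV_IGNORED;        /* starts too close to the block end */
    if (start + len + END_MARGIN > block_size)
        return TLV_INVALID;        /* occupies the last byte of the block */
    return TLV_REPLAYED;
}

/* Count start offsets where a len-byte TLV fits in the block but is not replayed. */
size_t count_lost_placements(size_t block_size, size_t len)
{
    size_t lost = 0;
    for (size_t start = 0; start + len <= block_size; start++)
        if (classify_tlv(block_size, start, len) != TLV_REPLAYED)
            lost++;
    return lost;
}

int main(void)
{
    const size_t bs = 4096;   /* constructed block size for the example */
    static const char *names[] = { "replayed", "ignored", "invalid", "does not fit" };

    /* Walk a minimum-length TLV towards the end of the block. */
    for (size_t start = bs - 12; start <= bs - 8; start++)
        printf("8-byte TLV at offset %zu: %s\n", start, names[classify_tlv(bs, start, 8)]);

    printf("lost placements: len 8 -> %zu, len 64 -> %zu\n",
           count_lost_placements(bs, 8), count_lost_placements(bs, 64));
    return 0;
}
```

A minimum-length TLV has two in-block placements that are lost, while longer TLVs have one, which is the gap between the 8-byte minimum length and the 10-byte start margin.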

Added: Oct 1, 2025, 1:09 PM
Updated: Oct 1, 2025, 1:09 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.0
remediation: 7.7
relevance: 0.6
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.