libext2fs: fix potential OOB read check_for_inode_bad_blocks()

libext2fs: fix potential OOB read check_for_inode_bad_blocks()

If the bad block list has been reset in the middle of an inode scan,
it's possible for bb->list[scan->bad_blocks_ptr] to result in an
out-of-bounds read access.

This is highly unlikely to happen under normal circumstances; in
particular, we generally don't use bad block inodes any more.  In
addition, this would only happen if the bad block inode itself is
corrupt so e2fsck needs to wipe it out.  This might cause e2fsck to
crash, but it will more likely cause a part of the inode table to be
wrongly considered invalid, causing file system to be incorrectly
fixed.

This was reported by TALOS as TALOS-2020-0974 and CVE-2020-6057, but
after closer examination, we don't believe this can be used in any way
to exploit the system or release information about the system, since
all this can do is to cause part of the inode table to be skipped when
it shouldn't be, and this can't be leveraged since any information
about the ASLR of the process is obsolete once e2fsck exits.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>