[PATCH] fix array overrun in efi.c
authorDarren Jenkins <darrenrjenkins@gmail.com>
Sun, 26 Mar 2006 09:37:34 +0000 (01:37 -0800)
committerLinus Torvalds <torvalds@g5.osdl.org>
Sun, 26 Mar 2006 16:56:57 +0000 (08:56 -0800)
Coverity found an over-run @ line 364 of efi.c

This is due to the loop checking the size correctly, then adding a '\0'
after possibly hitting the end of the array.

Ensure the loop exits with one space left in the array.

Signed-off-by: Darren Jenkins <darrenrjenkins@gmail.com>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
arch/i386/kernel/efi.c

index c224c2aebbab15fb2137222d4bd36bc29574ed58..9202b67c4b2e5cc925b0670d0b3e804dc719abbc 100644 (file)
@@ -361,7 +361,7 @@ void __init efi_init(void)
         */
        c16 = (efi_char16_t *) boot_ioremap(efi.systab->fw_vendor, 2);
        if (c16) {
-               for (i = 0; i < sizeof(vendor) && *c16; ++i)
+               for (i = 0; i < (sizeof(vendor) - 1) && *c16; ++i)
                        vendor[i] = *c16++;
                vendor[i] = '\0';
        } else