From: Darren Jenkins Date: Sun, 26 Mar 2006 09:37:34 +0000 (-0800) Subject: [PATCH] fix array overrun in efi.c X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=d6d21dfdd305bf94300df13ff472141d3411ea17;p=openwrt%2Fstaging%2Fblogic.git [PATCH] fix array overrun in efi.c Coverity found an over-run @ line 364 of efi.c This is due to the loop checking the size correctly, then adding a '\0' after possibly hitting the end of the array. Ensure the loop exits with one space left in the array. Signed-off-by: Darren Jenkins Signed-off-by: Adrian Bunk Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- diff --git a/arch/i386/kernel/efi.c b/arch/i386/kernel/efi.c index c224c2aebbab..9202b67c4b2e 100644 --- a/arch/i386/kernel/efi.c +++ b/arch/i386/kernel/efi.c @@ -361,7 +361,7 @@ void __init efi_init(void) */ c16 = (efi_char16_t *) boot_ioremap(efi.systab->fw_vendor, 2); if (c16) { - for (i = 0; i < sizeof(vendor) && *c16; ++i) + for (i = 0; i < (sizeof(vendor) - 1) && *c16; ++i) vendor[i] = *c16++; vendor[i] = '\0'; } else