[2.6 patch] fix array over-run in efi.c

From: Darren Jenkins <[email protected]>

Coverity found an over-run @ line 364 of efi.c

This is due to the loop checking the size correctly, then adding a '\0'
after possibly hitting the end of the array.

The patch below just ensures the loop exits with one space left in the
array.

Compile tested.


Signed-off-by: Darren Jenkins <[email protected]>
Signed-off-by: Adrian Bunk <[email protected]>

---

This patch was sent by Darren Jenkins on:
- 08 Mar 2006

--- linux-2.6.16-rc5/arch/i386/kernel/efi.c.orig	2006-03-08 12:31:14.000000000 +1100
+++ linux-2.6.16-rc5/arch/i386/kernel/efi.c	2006-03-08 12:37:59.000000000 +1100
@@ -359,7 +359,7 @@ void __init efi_init(void)
 	 */
 	c16 = (efi_char16_t *) boot_ioremap(efi.systab->fw_vendor, 2);
 	if (c16) {
-		for (i = 0; i < sizeof(vendor) && *c16; ++i)
+		for (i = 0; i < (sizeof(vendor) - 1) && *c16; ++i)
 			vendor[i] = *c16++;
 		vendor[i] = '\0';
 	} else



-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Follow-Ups:
- Re: [2.6 patch] fix array over-run in efi.c
  - From: Jan Engelhardt <[email protected]>

Prev by Date: Re: SMP busted on non-cpu-hotplug systems
Next by Date: Re: [PATCH] PM-Timer: doesn't use workaround if chipset is not buggy
Previous by thread: tmpfs bug? Out of memory when not
Next by thread: Re: [2.6 patch] fix array over-run in efi.c
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]