From d6d21dfdd305bf94300df13ff472141d3411ea17 Mon Sep 17 00:00:00 2001 From: Darren Jenkins Date: Sun, 26 Mar 2006 01:37:34 -0800 Subject: [PATCH] fix array overrun in efi.c Coverity found an over-run @ line 364 of efi.c This is due to the loop checking the size correctly, then adding a '\0' after possibly hitting the end of the array. Ensure the loop exits with one space left in the array. Signed-off-by: Darren Jenkins Signed-off-by: Adrian Bunk Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- arch/i386/kernel/efi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'arch/i386/kernel') diff --git a/arch/i386/kernel/efi.c b/arch/i386/kernel/efi.c index c224c2aebba..9202b67c4b2 100644 --- a/arch/i386/kernel/efi.c +++ b/arch/i386/kernel/efi.c @@ -361,7 +361,7 @@ void __init efi_init(void) */ c16 = (efi_char16_t *) boot_ioremap(efi.systab->fw_vendor, 2); if (c16) { - for (i = 0; i < sizeof(vendor) && *c16; ++i) + for (i = 0; i < (sizeof(vendor) - 1) && *c16; ++i) vendor[i] = *c16++; vendor[i] = '\0'; } else -- cgit v1.2.3