From: Darren Jenkins <darrenrjenkins@gmail.com>
Date: Sun, 26 Mar 2006 09:37:34 +0000 (-0800)
Subject: [PATCH] fix array overrun in efi.c
X-Git-Tag: v2.6.17-rc1~622
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=d6d21dfdd305bf94300df13ff472141d3411ea17;p=platform%2Fkernel%2Flinux-3.10.git

[PATCH] fix array overrun in efi.c

Coverity found an over-run @ line 364 of efi.c

This is due to the loop checking the size correctly, then adding a '\0'
after possibly hitting the end of the array.

Ensure the loop exits with one space left in the array.

Signed-off-by: Darren Jenkins <darrenrjenkins@gmail.com>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
---

diff --git a/arch/i386/kernel/efi.c b/arch/i386/kernel/efi.c
index c224c2a..9202b67 100644
--- a/arch/i386/kernel/efi.c
+++ b/arch/i386/kernel/efi.c
@@ -361,7 +361,7 @@ void __init efi_init(void)
 	 */
 	c16 = (efi_char16_t *) boot_ioremap(efi.systab->fw_vendor, 2);
 	if (c16) {
-		for (i = 0; i < sizeof(vendor) && *c16; ++i)
+		for (i = 0; i < (sizeof(vendor) - 1) && *c16; ++i)
 			vendor[i] = *c16++;
 		vendor[i] = '\0';
 	} else