block/partitions/efi.c: fix bound check
Use ARRAY_SIZE instead of sizeof to get proper max for label length.

Since this is just a read out of bounds it's not that bad, but the
problem becomes user-visible eg if one tries to use DEBUG_PAGEALLOC and
DEBUG_RODATA, at least with some enhancements from Hiroshi.  Of course
the destination array can contain garbage when we read beyond the end of
source array so that would be another user-visible problem.

Signed-off-by: Antti P Miettinen <[email protected]>
Reviewed-by: Hiroshi Doyu <[email protected]>
Tested-by: Hiroshi Doyu <[email protected]>
Cc: Will Drewry <[email protected]>
Cc: Matt Fleming <[email protected]>
Acked-by: Davidlohr Bueso <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Antti P Miettinen authored and torvalds committed Nov 22, 2013
1 parent 51a0d03 commit 49204c1
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions block/partitions/efi.c
Expand Up @@ -96,6 +96,7 @@
* - Code works, detects all the partitions.
*
************************************************************/
#include <linux/kernel.h>
#include <linux/crc32.h>
#include <linux/ctype.h>
#include <linux/math64.h>
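
Review bot: the new `#include <linux/kernel.h>` at the top of the include list is not explained in the commit message. It is presumably there so that `ARRAY_SIZE`, used in the second hunk, is declared by a direct include rather than picked up indirectly through another header. A one-line mention in the changelog would make that dependency explicit.
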
Expand Down Expand Up @@ -715,8 +716,8 @@ int efi_partition(struct parsed_partitions *state)
efi_guid_unparse(&ptes[i].unique_partition_guid, info->uuid);

/* Naively convert UTF16-LE to 7 bits. */
label_max = min(sizeof(info->volname) - 1,
sizeof(ptes[i].partition_name));
label_max = min(ARRAY_SIZE(info->volname) - 1,
ARRAY_SIZE(ptes[i].partition_name));
info->volname[label_max] = 0;
while (label_count < label_max) {
u8 c = ptes[i].partition_name[label_count] & 0xff;
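
Review bot: in the `label_max` computation, the fix relies on both bounds being element counts, because `label_count` is used as an index into `ptes[i].partition_name`, yet nothing in the code states that unit. The "UTF16-LE" comment and the `& 0xff` mask imply that `partition_name` has elements wider than one byte, which is why `sizeof` overstated how far the loop could read. Suggest extending the comment above `min()` to say that `label_max` is a count of characters, not bytes, so a later cleanup does not reintroduce `sizeof`. Note that this rendering has lost the `+`/`-` markers: the two `sizeof` lines are the removed ones and the two `ARRAY_SIZE` lines are the added ones, which matches the "3 additions and 2 deletions" summary together with the new include.
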