From 49204c116a9ee24536d371be02a2f05e6493c949 Mon Sep 17 00:00:00 2001 From: Antti P Miettinen Date: Thu, 21 Nov 2013 14:32:05 -0800 Subject: block/partitions/efi.c: fix bound check Use ARRAY_SIZE instead of sizeof to get proper max for label length. Since this is just a read out of bounds it's not that bad, but the problem becomes user-visible eg if one tries to use DEBUG_PAGEALLOC and DEBUG_RODATA, at least with some enhancements from Hiroshi. Of course the destination array can contain garbage when we read beyond the end of source array so that would be another user-visible problem. Signed-off-by: Antti P Miettinen Reviewed-by: Hiroshi Doyu Tested-by: Hiroshi Doyu Cc: Will Drewry Cc: Matt Fleming Acked-by: Davidlohr Bueso Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- block/partitions/efi.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/block/partitions/efi.c b/block/partitions/efi.c index a8287b49d062..dc51f467a560 100644 --- a/block/partitions/efi.c +++ b/block/partitions/efi.c @@ -96,6 +96,7 @@ * - Code works, detects all the partitions. * ************************************************************/ +#include #include #include #include @@ -715,8 +716,8 @@ int efi_partition(struct parsed_partitions *state) efi_guid_unparse(&ptes[i].unique_partition_guid, info->uuid); /* Naively convert UTF16-LE to 7 bits. */ - label_max = min(sizeof(info->volname) - 1, - sizeof(ptes[i].partition_name)); + label_max = min(ARRAY_SIZE(info->volname) - 1, + ARRAY_SIZE(ptes[i].partition_name)); info->volname[label_max] = 0; while (label_count < label_max) { u8 c = ptes[i].partition_name[label_count] & 0xff; -- cgit v1.2.3-70-g09d2