From ecdd5dabd33d67066d476467e447cdcadab90550 Mon Sep 17 00:00:00 2001
From: Zou Nan hai
Date: Tue, 7 Feb 2006 11:25:55 +0800
Subject: [IA64] Fix a possible buffer overflow in efi.c

Make sure to save space for the trailing '\0'.

Signed-off-by: Zou Nan hai
Signed-off-by: Tony Luck
---
 arch/ia64/kernel/efi.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'arch/ia64/kernel/efi.c')
diff --git a/arch/ia64/kernel/efi.c b/arch/ia64/kernel/efi.c
index c485a3b32ba..d51c2f21487 100644
--- a/arch/ia64/kernel/efi.c
+++ b/arch/ia64/kernel/efi.c
@@ -458,7 +458,7 @@ efi_init (void)
 /* Show what we know for posterity */
 c16 = __va(efi.systab->fw_vendor);
 if (c16) {
- for (i = 0;i < (int) sizeof(vendor) && *c16; ++i)
+ for (i = 0;i < (int) sizeof(vendor) - 1 && *c16; ++i)
 vendor[i] = *c16++;
 vendor[i] = '\0';
 }
-- 
cgit v1.2.3
From 9d78f43d1fd3e028bfd37510ce847d0896f71f78 Mon Sep 17 00:00:00 2001
From: Zou Nan hai
Date: Tue, 7 Feb 2006 11:35:46 +0800
Subject: [IA64] Fix wrong use of memparse in efi.c

The check of (end != cp) after memparse in efi.c looks wrong to me. The result is that we can't use mem= and max_addr= kernel parameter at the same time. The following patch removed the check just like other arches do.

Signed-off-by: Zou Nan hai
Signed-off-by: Tony Luck
---
 arch/ia64/kernel/efi.c | 14 +++-----------
 1 file changed, 3 insertions(+), 11 deletions(-)
(limited to 'arch/ia64/kernel/efi.c')
diff --git a/arch/ia64/kernel/efi.c b/arch/ia64/kernel/efi.c
index d51c2f21487..9990320b6f9 100644
--- a/arch/ia64/kernel/efi.c
+++ b/arch/ia64/kernel/efi.c
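Review bot: In the first patch's hunk (`@@ -458,7 +458,7 @@`), the `if (c16)` guard just above the changed loop tests the pointer after `__va()` translation; if `__va()` adds a fixed offset (its definition is not visible here), a zero `fw_vendor` from the firmware table still yields a non-NULL `c16` and the copy loop reads through it. Testing the raw field before translating, `if (efi.systab->fw_vendor)`, would make the guard effective. The bounded copy also narrows each `efi_char16_t` to `char` in `vendor[i] = *c16++;`, which deserves a comment such as `/* firmware-supplied 16-bit string; only the low byte of each character is kept */`. efi_init starts before and continues after the hunk.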
@@ -410,24 +410,16 @@ efi_init (void)
 efi_config_table_t *config_tables;
 efi_char16_t *c16;
 u64 efi_desc_size;
- char *cp, *end, vendor[100] = "unknown";
+ char *cp, vendor[100] = "unknown";
 extern char saved_command_line[];
 int i;
 
 /* it's too early to be able to use the standard kernel command line support... */
 for (cp = saved_command_line; *cp; ) {
 if (memcmp(cp, "mem=", 4) == 0) {
- cp += 4;
- mem_limit = memparse(cp, &end);
- if (end != cp)
- break;
- cp = end;
+ mem_limit = memparse(cp + 4, &cp);
 } else if (memcmp(cp, "max_addr=", 9) == 0) {
- cp += 9;
- max_addr = GRANULEROUNDDOWN(memparse(cp, &end));
- if (end != cp)
- break;
- cp = end;
+ max_addr = GRANULEROUNDDOWN(memparse(cp + 9, &cp));
 } else {
 while (*cp != ' ' && *cp)
 ++cp;
-- 
cgit v1.2.3
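Review bot: In the second patch's hunk (`@@ -410,24 +410,16 @@`), both new assignments store memparse()'s result without checking that anything was parsed, so a boot line carrying `mem=` or `max_addr=` with no number overwrites the limit with whatever memparse() returns for empty input (presumably 0; neither memparse() nor the meaning of a zero limit is visible here). The command line is supplied from outside the kernel, so I would keep a separate end pointer, assign only when it moved past the `=`, and then advance `cp`; that still lets both options be given together, which is what the commit is after. A short comment on the loop saying that memparse() now advances `cp` itself would also help the next reader. efi_init starts before and continues after the hunk.

```c
	char *cp, *end, vendor[100] = "unknown";
	/* … unchanged: remaining declarations and loop header … */
		if (memcmp(cp, "mem=", 4) == 0) {
			unsigned long long val = memparse(cp + 4, &end);

			if (end != cp + 4)	/* nothing parsed: keep the previous limit */
				mem_limit = val;
			cp = end;
		} else if (memcmp(cp, "max_addr=", 9) == 0) {
			unsigned long long val = memparse(cp + 9, &end);

			if (end != cp + 9)
				max_addr = GRANULEROUNDDOWN(val);
			cp = end;
		/* … unchanged: else branch that skips any other token … */
```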