[U-Boot] [PATCH 1/1] disk: efi: buffer overflow in part_get_info_efi()

In part_get_info_efi() we use the output of print_efiname() to set info->name[]. The size of info->name is PART_NAME_LEN = 32 but print_efiname() returns a string with a maximum length of PARTNAME_SZ + 1 = 37.
Use snprintf() instead of sprintf() to avoid buffer overflow.
Signed-off-by: Heinrich Schuchardt xypron.glpk@gmx.de
---
 disk/part_efi.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/disk/part_efi.c b/disk/part_efi.c index c0fa753339..8626d4ee7b 100644 --- a/disk/part_efi.c +++ b/disk/part_efi.c @@ -313,7 +313,7 @@ int part_get_info_efi(struct blk_desc *dev_desc, int part, - info->start; info->blksz = dev_desc->blksz;
- sprintf((char *)info->name, "%s", + snprintf((char *)info->name, sizeof(info->name), "%s", print_efiname(&gpt_pte[part - 1])); strcpy((char *)info->type, "U-Boot"); info->bootable = is_bootable(&gpt_pte[part - 1]); -- 2.20.1
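Review bot: The new snprintf() call on info->name truncates silently. Per the commit message, print_efiname() can return up to PARTNAME_SZ + 1 = 37 bytes while info->name holds PART_NAME_LEN = 32, so a GPT name longer than 31 characters is cut short without the caller being told, and two partitions whose names differ only past that point end up with the same info->name. Consider comparing the snprintf() return value with sizeof(info->name) and reporting the truncation, or at least stating in a comment or the commit message that truncation is the intended behaviour. The adjacent strcpy((char *)info->type, "U-Boot") copies a fixed literal, so it is not affected by this change.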