Fix possible read out of bounds in ucs2_to_utf8

Check that the current character is not the null character after ensuring we are not beyond the end of the buffer. Signed-off-by: Dan Robertson <dan@dlrobertson.com>
rhboot · Jun 23, 2021 · ae57645 · ae57645
1 parent 4069341
commit ae57645
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/efibootmgr.c b/src/efibootmgr.c
@@ -938,7 +938,7 @@ ucs2_to_utf8(const uint16_t * const chars, ssize_t limit)
 		return NULL;
 	memset(ret, 0, limit * 6 +1);
 
-	for (i=0, j=0; chars[i] && i < (limit >= 0 ? limit : i+1); i++,j++) {
+	for (i=0, j=0; i < (limit >= 0 ? limit : i+1) && chars[i]; i++,j++) {
 		if (chars[i] <= 0x7f) {
 			ret[j] = chars[i];
 		} else if (chars[i] > 0x7f && chars[i] <= 0x7ff) {