[PATCH] cmd: gpt: Fix off by 1 errors

[Andrew Goodbody]

The buffer for a name to be copied into must also contain the
terminating 0 byte but strlen returns the length of the string without
counting that 0 byte. Adjust the length checks to take this into
account.

This issue found by Smatch.

Signed-off-by: Andrew Goodbody <andrew.goodbody at linaro.org>
---
 cmd/gpt.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/cmd/gpt.c b/cmd/gpt.c
index 27aea2df197..e18e5036a06 100644
--- a/cmd/gpt.c
+++ b/cmd/gpt.c
@@ -911,8 +911,9 @@ static int do_rename_gpt_parts(struct blk_desc *dev_desc, char *subcomm,
 		goto out;
 
 	if (!strcmp(subcomm, "swap")) {
-		if ((strlen(name1) > PART_NAME_LEN) || (strlen(name2) > PART_NAME_LEN)) {
-			printf("Names longer than %d characters are truncated.\n", PART_NAME_LEN);
+		if ((strlen(name1) >= PART_NAME_LEN) || (strlen(name2) >= PART_NAME_LEN)) {
+			printf("Names longer than %d characters are truncated.\n",
+			       PART_NAME_LEN - 1);
 			ret = -EINVAL;
 			goto out;
 		}
@@ -967,8 +968,9 @@ static int do_rename_gpt_parts(struct blk_desc *dev_desc, char *subcomm,
 		*first = *second;
 		*second = tmp_part;
 	} else { /* rename */
-		if (strlen(name2) > PART_NAME_LEN) {
-			printf("Names longer than %d characters are truncated.\n", PART_NAME_LEN);
+		if (strlen(name2) >= PART_NAME_LEN) {
+			printf("Names longer than %d characters are truncated.\n",
+			       PART_NAME_LEN - 1);
 			ret = -EINVAL;
 			goto out;
 		}

---
base-commit: bcc7bc69b92ab728790aea0d08b2ae5e22d3b09d
change-id: 20250716-gpt_offby1-882673120467

Best regards,
-- 
Andrew Goodbody <andrew.goodbody at linaro.org>