utf8s_to_utf16s could return -EINVAL (-22); then uniname[i] =
uniname[-22] = '\0' will corrupt another local variable.
uniname is a local variable that has a different address every time
nls_cstring_to_uniname is called, so uniname[-22] could corrupt
different addresses.
Also, when the filename reaches the maximum length, we need to leave
one last space in the buffer for '\0'.

Change-Id: I44bbdd3249150ad5617c7cd13207cfa37b102a77
Signed-off-by: Shengzhe Zhao <a18689@motorola.com>
Signed-off-by: Shiyong Li <a22381@motorola.com>
Reviewed-on: https://gerrit.mot.com/1102179
SLTApproved: Slta Waiver
SME-Granted: SME Approvals Granted
Tested-by: Jira Key
Reviewed-by: Igor Kovalenko <igork@motorola.com>
Submit-Approved: Jira Key
Reviewed-on: https://gerrit.mot.com/1276880
Reviewed-by: Hua Tan <tanhua1@motorola.com>
if (nls == NULL) {
len = utf16s_to_utf8s(uniname, MAX_NAME_LENGTH, UTF16_HOST_ENDIAN, p_cstring, MAX_NAME_LENGTH);
+ if (len >= MAX_NAME_LENGTH * MAX_CHARSET_SIZE)
+ len--;
+
p_cstring[len] = 0;
return;
}
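Review bot: The new check `if (len >= MAX_NAME_LENGTH * MAX_CHARSET_SIZE)` only steps `len` back by one, so it protects `p_cstring[len] = 0` only when `len` equals the limit exactly; clamping instead (`len = MAX_NAME_LENGTH * MAX_CHARSET_SIZE - 1`) would cover any larger value as well. The limit tested here also differs from the `MAX_NAME_LENGTH` passed as the output size to `utf16s_to_utf8s` on the line above, so please state which of the two is the real size of `p_cstring` and use it in both places. Dropping a single byte can also cut a multi-byte UTF-8 sequence in half and leave an invalid trailing character in the name.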
#endif
for (j = 0; j < i; j++)
SET16_A(upname + j * 2, nls_upper(sb, uniname[j]));
- uniname[i] = '\0';
+
+ if (i >= 0 && i < MAX_NAME_LENGTH)
+ uniname[i] = '\0';
+ else
+ lossy = TRUE;
}
else {
i = j = 0;
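Review bot: In the `else` branch of the new `if (i >= 0 && i < MAX_NAME_LENGTH)` check, `uniname` is left without a terminator and the only signal is `lossy = TRUE`, so both the error return (`i < 0`) and the full-length case (`i >= MAX_NAME_LENGTH`) carry on with an unterminated buffer. Consider testing `i < 0` directly after the conversion call, before the `for (j = 0; j < i; j++)` upcase loop, and bailing out there, and for the full-length case writing the terminator at the last valid index instead of skipping it. A short comment saying that `i` can hold a negative errno would help too, since the loop above silently relies on `j < i` being false in that case.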