From 25d3e0509c7d812e05d21c2c73038dce6fe9d889 Mon Sep 17 00:00:00 2001
From: Andrew Goodbody <andrew.goodbody@linaro.org>
Date: Wed, 16 Jul 2025 11:55:47 +0100
Subject: [PATCH] cmd: gpt: Fix off by 1 errors

The buffer for a name to be copied into must also contain the
terminating 0 byte but strlen returns the length of the string without
counting that 0 byte. Adjust the length checks to take this into
account.

This issue found by Smatch.

Signed-off-by: Andrew Goodbody <andrew.goodbody@linaro.org>
---
 cmd/gpt.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/cmd/gpt.c b/cmd/gpt.c
index 27aea2df197..e18e5036a06 100644
--- a/cmd/gpt.c
+++ b/cmd/gpt.c
@@ -911,8 +911,9 @@ static int do_rename_gpt_parts(struct blk_desc *dev_desc, char *subcomm,
 		goto out;
 
 	if (!strcmp(subcomm, "swap")) {
-		if ((strlen(name1) > PART_NAME_LEN) || (strlen(name2) > PART_NAME_LEN)) {
-			printf("Names longer than %d characters are truncated.\n", PART_NAME_LEN);
+		if ((strlen(name1) >= PART_NAME_LEN) || (strlen(name2) >= PART_NAME_LEN)) {
+			printf("Names longer than %d characters are truncated.\n",
+			       PART_NAME_LEN - 1);
 			ret = -EINVAL;
 			goto out;
 		}
@@ -967,8 +968,9 @@ static int do_rename_gpt_parts(struct blk_desc *dev_desc, char *subcomm,
 		*first = *second;
 		*second = tmp_part;
 	} else { /* rename */
-		if (strlen(name2) > PART_NAME_LEN) {
-			printf("Names longer than %d characters are truncated.\n", PART_NAME_LEN);
+		if (strlen(name2) >= PART_NAME_LEN) {
+			printf("Names longer than %d characters are truncated.\n",
+			       PART_NAME_LEN - 1);
 			ret = -EINVAL;
 			goto out;
 		}
-- 
2.47.2