Commit 0c7468e38 for clamav.net
commit 0c7468e384cfb80fb34d950e80184f8660e7ff7b
Author: metsw24-max <metsw24@gmail.com>
Date: Thu Jun 11 02:54:25 2026 +0530
fix out-of-bounds access in gpt_scan_partitions name loop (#1736)
the name byte-swap loop iterates j over the 36-element array but subscripts gpe.name[i], the outer partition counter. name is the last field of struct gpt_partition_entry, so partition indices >= 36 (reachable with the default 50-partition cap) read and wrote past the end of the on-stack entry. subscript with j instead.
diff --git a/libclamav/gpt.c b/libclamav/gpt.c
index 1b496925e..d5461e36d 100644
--- a/libclamav/gpt.c
+++ b/libclamav/gpt.c
@@ -303,7 +303,7 @@ static cl_error_t gpt_scan_partitions(cli_ctx *ctx, struct gpt_header hdr, size_
gpe.lastLBA = le64_to_host(gpe.lastLBA);
gpe.attributes = le64_to_host(gpe.attributes);
for (j = 0; j < 36; ++j) {
- gpe.name[i] = le16_to_host(gpe.name[i]);
+ gpe.name[j] = le16_to_host(gpe.name[j]);
}
/* check that partition is not empty and within a valid location */
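Review bot: The bound in `for (j = 0; j < 36; ++j)` is still a bare literal that is not tied to the array it guards, so a later change to the size of `name` in struct gpt_partition_entry would silently bring back an out-of-bounds access on the stack copy. Deriving it from the array keeps the two in step: `for (j = 0; j < sizeof(gpe.name) / sizeof(gpe.name[0]); ++j) {`. This assumes `name` is a true array member, as the commit message describes, and the declaration of `j` is outside the hunk, so check its type to avoid a signed/unsigned comparison. A short comment above the loop, for example `/* byte-swap each 16-bit unit of the partition name to host order */`, would make the intended index obvious to the next reader. No test accompanies the change in this diff, so consider a regression image with more than 36 partition entries, scanned under AddressSanitizer, to pin the fix.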