The set_volume_label function is not available in the mentioned commit. I guess it should be commit d01579d590f72d2d91405b708e96f6169f24775a.

Now I have looked at that commit and I think I finally understood what the issue was. The exfat_nls_to_utf16() function is written in a way that it expects a null-term string and its strlen as the 3rd argument. This was achieved for all code paths except the new one introduced in that commit.

"label" is declared as char label[FSLABEL_MAX]; so the FSLABEL_MAX argument in exfat_nls_to_utf16() is effectively sizeof(label). And here comes the problem: it should have been strlen(label) (or rather strnlen(label, sizeof(label)-1) in case userspace passes a non-nul-term string).

So the change below to FSLABEL_MAX - 1 effectively fixes the overflow problem. But not the usage of exfat_nls_to_utf16.

The API of FS_IOC_SETFSLABEL is defined to always take a nul-term string:
https://man7.org/linux/man-pages/man2/fs_ioc_setfslabel.2const.html

And the size of the buffer is not the length of the nul-term string. We should discard anything after the nul-term byte.

So in my opinion exfat_ioctl_set_volume_label() should be fixed in a way that it would call exfat_nls_to_utf16() with the 3rd argument passed as:

  strnlen(label, sizeof(label) - 1)

or

  strnlen(label, FSLABEL_MAX - 1)

Or personally I prefer to store this length into a new variable (e.g. label_len) and then pass it to the exfat_nls_to_utf16() function. For example:

  ret = exfat_nls_to_utf16(sb, label, label_len, &uniname, &lossy);

Adding Ethan to CC as author of the mentioned commit.

And about NLS_NAME_OVERLEN, it is being used by the __exfat_resolve_path() function. So removing the "setting" of the NLS_NAME_OVERLEN bit but still checking if the NLS_NAME_OVERLEN bit is set is quite wrong.

Namjae, could you re-check my analysis? Just to be sure that I have not misunderstood something.
It is better to do a proper analysis than to have an incomplete or incorrect fix.

[PATCH v3] exfat: fix out-of-bounds in exfat_nls_to_ucs2()
Pali Rohár, Jeongjun Park
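Added example, not code from the kernel or from anyone in this thread: a userspace sketch of the length argument discussed in the message above, comparing sizeof(label) with the bounded string length. convert_trusting_len() is a hypothetical stand-in that converts exactly len bytes and does not reproduce exfat_nls_to_utf16(); the helper names and the sample labels are constructed, and FSLABEL_MAX is defined locally.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define FSLABEL_MAX 256 /* as in <linux/fs.h>; defined here so this builds anywhere */

/* Hypothetical stand-in, NOT the kernel function: converts exactly len bytes,
 * trusting the caller that len is the length of the string. */
static size_t convert_trusting_len(const char *src, size_t len, uint16_t *dst)
{
    for (size_t i = 0; i < len; i++)
        dst[i] = (unsigned char)src[i];
    return len; /* number of 16-bit units written */
}

/* Same result as strnlen(label, FSLABEL_MAX - 1), written with ISO C memchr(). */
size_t label_len(const char *label)
{
    const char *nul = memchr(label, '\0', FSLABEL_MAX - 1);
    return nul ? (size_t)(nul - label) : FSLABEL_MAX - 1;
}

/* Length = buffer size: the bytes after the NUL are converted as well. */
size_t units_with_sizeof(const char *label)
{
    uint16_t out[FSLABEL_MAX];
    return convert_trusting_len(label, FSLABEL_MAX, out);
}

/* Length = bounded string length: stops at the NUL, never more than 255. */
size_t units_with_label_len(const char *label)
{
    uint16_t out[FSLABEL_MAX];
    return convert_trusting_len(label, label_len(label), out);
}

/* Constructed input: text plus NUL, followed by stale bytes in the buffer. */
void fill_label(char *label, const char *text)
{
    memset(label, 'X', FSLABEL_MAX);
    memcpy(label, text, strlen(text) + 1);
}

int main(void)
{
    char label[FSLABEL_MAX];
    fill_label(label, "USB");
    printf("sizeof: %zu, label_len: %zu\n", units_with_sizeof(label), units_with_label_len(label));
    return 0;
}
```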