init: fix illegal memory access when max message length is reached

author Yuan-Hsiang Lee <yhlee@ubnt.com>

Sat, 2 Nov 2013 23:13:16 +0000 (00:13 +0100)

committer Denys Vlasenko <vda.linux@googlemail.com>

Sat, 2 Nov 2013 23:13:16 +0000 (00:13 +0100)
author Yuan-Hsiang Lee <yhlee@ubnt.com>
Sat, 2 Nov 2013 23:13:16 +0000 (00:13 +0100)
committer Denys Vlasenko <vda.linux@googlemail.com>
Sat, 2 Nov 2013 23:13:16 +0000 (00:13 +0100)
diff --git a/init/init.c b/init/init.c

index cc6a2b5..2dcdfd4 100644 (file)
--- a/init/init.c
+++ b/init/init.c
@@ -222,8 +222,8 @@ static void message(int where, const char *fmt, ...)
         msg[0] = '\r';
         va_start(arguments, fmt);
         l = 1 + vsnprintf(msg + 1, sizeof(msg) - 2, fmt, arguments);
         msg[0] = '\r';
         va_start(arguments, fmt);
         l = 1 + vsnprintf(msg + 1, sizeof(msg) - 2, fmt, arguments);
-       if (l > sizeof(msg) - 1)
-               l = sizeof(msg) - 1;
+       if (l > sizeof(msg) - 2)
+               l = sizeof(msg) - 2;
         va_end(arguments);
  
  #if ENABLE_FEATURE_INIT_SYSLOG
         va_end(arguments);
  
  #if ENABLE_FEATURE_INIT_SYSLOG
author	Yuan-Hsiang Lee <yhlee@ubnt.com>
	Sat, 2 Nov 2013 23:13:16 +0000 (00:13 +0100)
committer	Denys Vlasenko <vda.linux@googlemail.com>
	Sat, 2 Nov 2013 23:13:16 +0000 (00:13 +0100)