From: Andrew Goodbody <andrew.goodbody@linaro.org>
Date: Thu, 17 Jul 2025 08:43:29 +0000 (+0100)
Subject: fastboot: Fix off by 1 error
X-Git-Tag: v2025.10-rc1~35
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=23d2c182d4be9f993a4e4d8f4fc6293e4d5a9ff8;p=thirdparty%2Fu-boot.git

fastboot: Fix off by 1 error

strlen only reports length of string not including terminating 0 byte
but this has to be included in length of receiving buffer on copy so
adjust length check to be correct.

This issue found by Smatch.

Signed-off-by: Andrew Goodbody <andrew.goodbody@linaro.org>
Reviewed-by: Mattijs Korpershoek <mkorpershoek@kernel.org>
---

diff --git a/drivers/fastboot/fb_command.c b/drivers/fastboot/fb_command.c
index 7697139b622..791088bc094 100644
--- a/drivers/fastboot/fb_command.c
+++ b/drivers/fastboot/fb_command.c
@@ -413,7 +413,7 @@ static void __maybe_unused run_acmd(char *cmd_parameter, char *response)
 		return;
 	}
 
-	if (strlen(cmd_parameter) > sizeof(g_a_cmd_buff)) {
+	if (strlen(cmd_parameter) >= sizeof(g_a_cmd_buff)) {
 		pr_err("too long command\n");
 		fastboot_fail("too long command", response);
 		return;