From 617d1017545c27a56229483cc1d689eff6c38561 Mon Sep 17 00:00:00 2001
From: Thomas Jarosch <thomas.jarosch@intra2net.com>
Date: Sat, 29 Oct 2011 15:45:56 +0200
Subject: MIPS: Yosemite, Emma: Fix off-by-two in arcs_cmdline buffer size
 check

Cause is a misplaced bracket.

The code

    strlen(buf+1)

will be two bytes less than

    strlen(buf)+1

The +1 is in this code to reserve space for an additional space character.

[ralf@linux-mips.org: Thomas' original patch fixed the issue only for
 Yosemite but the same bug exists also in Emma.]

Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Patchwork: https://patchwork.linux-mips.org/patch/2861/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>

diff --git a/arch/mips/emma/common/prom.c b/arch/mips/emma/common/prom.c
index 708f087..cae4225 100644
--- a/arch/mips/emma/common/prom.c
+++ b/arch/mips/emma/common/prom.c
@@ -50,7 +50,7 @@ void __init prom_init(void)
 
 	/* arg[0] is "g", the rest is boot parameters */
 	for (i = 1; i < argc; i++) {
-		if (strlen(arcs_cmdline) + strlen(arg[i] + 1)
+		if (strlen(arcs_cmdline) + strlen(arg[i]) + 1
 		    >= sizeof(arcs_cmdline))
 			break;
 		strcat(arcs_cmdline, arg[i]);
diff --git a/arch/mips/pmc-sierra/yosemite/prom.c b/arch/mips/pmc-sierra/yosemite/prom.c
index cf4c868..dcc926e 100644
--- a/arch/mips/pmc-sierra/yosemite/prom.c
+++ b/arch/mips/pmc-sierra/yosemite/prom.c
@@ -102,7 +102,7 @@ void __init prom_init(void)
 
 	/* Get the boot parameters */
 	for (i = 1; i < argc; i++) {
-		if (strlen(arcs_cmdline) + strlen(arg[i] + 1) >=
+		if (strlen(arcs_cmdline) + strlen(arg[i]) + 1 >=
 		    sizeof(arcs_cmdline))
 			break;
 
-- 
cgit v0.10.2