On Thu, 12 Mar 2026 19:11:43 +0000 Josh Law <[email protected]> wrote:
> From: Josh Law <[email protected]> > > snprintf() returns the number of characters that would have been > written excluding the NUL terminator. Output is truncated when the > return value is >= the buffer size, not just > the buffer size. > > When ret == size, the current code takes the non-truncated path, > advancing buf by ret and reducing size to 0. This is wrong because > the output was actually truncated (the last character was replaced by > NUL). Fix by using >= so the truncation path is taken correctly. > > Signed-off-by: Josh Law <[email protected]> Reviewed-by: Steven Rostedt (Google) <[email protected]> -- Steve > --- > lib/bootconfig.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/lib/bootconfig.c b/lib/bootconfig.c > index 62b4ed7a0ba6..b0ef1e74e98a 100644 > --- a/lib/bootconfig.c > +++ b/lib/bootconfig.c > @@ -316,7 +316,7 @@ int __init xbc_node_compose_key_after(struct xbc_node > *root, > depth ? "." : ""); > if (ret < 0) > return ret; > - if (ret > size) { > + if (ret >= size) { > size = 0; > } else { > size -= ret;
