[PATCH 4/4] um: account for the separator in add_arg() bounds checking

[Pengpeng Hou]

add_arg() checks whether command_line and arg fit in the fixed
COMMAND_LINE_SIZE buffer, but when command_line is non-empty it inserts
an additional space before appending arg. The current guard does not
account for that separator, so a non-empty command line can pass the
check and still overflow by one byte.

Count the separator when command_line already contains data.

Signed-off-by: Pengpeng Hou <pengpeng at iscas.ac.cn>
---
 arch/um/kernel/um_arch.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/arch/um/kernel/um_arch.c b/arch/um/kernel/um_arch.c
index e2b24e1ecfa6..93eebaf1d236 100644
--- a/arch/um/kernel/um_arch.c
+++ b/arch/um/kernel/um_arch.c
@@ -44,7 +44,12 @@ static char __initdata command_line[COMMAND_LINE_SIZE] = { 0 };
 
 static void __init add_arg(char *arg)
 {
-	if (strlen(command_line) + strlen(arg) + 1 > COMMAND_LINE_SIZE) {
+	size_t len = strlen(command_line) + strlen(arg) + 1;
+
+	if (command_line[0])
+		len++;
+
+	if (len > COMMAND_LINE_SIZE) {
 		os_warn("add_arg: Too many command line arguments!\n");
 		exit(1);
 	}
-- 
2.50.1 (Apple Git-155)