From: Bernhard Walle
Subject: [PATCH] Fix possible array length overflow
References: 256676
Found by dan.yeisley@unisys.com.
Signed-off-by: Bernhard Walle
---
 choosers/simple.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
--- a/choosers/simple.c
+++ b/choosers/simple.c
@@ -283,8 +283,10 @@ restart:
  }
  if (elilo_opt.prompt) {
- ret = select_kernel(buffer, sizeof(buffer));
+ ret = select_kernel(buffer, CMDLINE_MAXLEN);
  if (ret == -1) return -1;
+
+ /* this function takes really the number of bytes ... */
  argc = argify(buffer,sizeof(buffer), argv);
  index = 0;
  }
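Review bot: The new length on the `select_kernel(buffer, CMDLINE_MAXLEN)` line is tied to a constant rather than to `buffer` itself, whose declaration is outside this hunk, so the two can drift apart and reintroduce the overflow this commit fixes. Deriving the count from the array keeps them in step: `ret = select_kernel(buffer, sizeof(buffer) / sizeof(buffer[0]));` (this assumes `buffer` is a true array in this scope, as the existing `sizeof(buffer)` uses suggest). The added comment above `argify()` is easy to misread; going by the commit's own description, something like `/* argify() takes the buffer size in bytes; select_kernel() takes an element count */` would state the difference that caused the bug. It is also worth confirming in `select_kernel()`, which is not shown here, that a count of `CMDLINE_MAXLEN` still leaves room for the string terminator. The enclosing function starts and ends outside the hunk.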