From 089bb8762fd59333670e99a0938e65d613679907 Mon Sep 17 00:00:00 2001
From: Jaroslav Kysela <perex@perex.cz>
Date: Mon, 22 Jun 2020 09:02:11 +0200
Subject: [PATCH] ucm: fix the possible buffer overflow (substitution)

Signed-off-by: Jaroslav Kysela <perex@perex.cz>
---
 src/ucm/ucm_subs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/ucm/ucm_subs.c b/src/ucm/ucm_subs.c
index e6af5022..293426f2 100644
--- a/src/ucm/ucm_subs.c
+++ b/src/ucm/ucm_subs.c
@@ -334,7 +334,7 @@ __match2:
 		tmp = strchr(value + idsize, '}');
 		if (tmp) {
 			rvalsize = tmp - (value + idsize);
-			if (rvalsize > sizeof(v2)) {
+			if (rvalsize >= sizeof(v2)) {
 				err = -ENOMEM;
 				goto __error;
 			}
-- 
2.11.0