From 7ce5277537c1e278dd8267f8b934bbfebd2fefe8 Mon Sep 17 00:00:00 2001
From: "Xiang, Haihao" <haihao.xiang@intel.com>
Date: Tue, 13 Mar 2018 12:50:50 +0800
Subject: [PATCH] Correct the valid buffer size

Otherwise it might result in out-of-bounds access of i965->va_vendor

Signed-off-by: Xiang, Haihao <haihao.xiang@intel.com>
---
 src/i965_drv_video.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/i965_drv_video.c b/src/i965_drv_video.c
index 36719e8..f66973f 100644
--- a/src/i965_drv_video.c
+++ b/src/i965_drv_video.c
@@ -7346,13 +7346,13 @@ ensure_vendor_string(struct i965_driver_data *i965, const char *chipset)
     if (INTEL_DRIVER_PRE_VERSION > 0) {
         ret = snprintf(&i965->va_vendor[len], sizeof(i965->va_vendor) - len,
                        ".pre%d", INTEL_DRIVER_PRE_VERSION);
-        if (ret < 0 || ret >= sizeof(i965->va_vendor))
+        if (ret < 0 || ret >= (sizeof(i965->va_vendor) - len))
             goto error;
         len += ret;
 
         ret = snprintf(&i965->va_vendor[len], sizeof(i965->va_vendor) - len,
                        " (%s)", INTEL_DRIVER_GIT_VERSION);
-        if (ret < 0 || ret >= sizeof(i965->va_vendor))
+        if (ret < 0 || ret >= (sizeof(i965->va_vendor) - len))
             goto error;
         len += ret;
     }
-- 
2.11.0