From 3049a6bd04fdc4865de792adfc8b5474ef07b660 Mon Sep 17 00:00:00 2001
From: Michael Hohmuth <sideral@rockbox.org>
Date: Thu, 4 Aug 2011 12:13:16 +0000
Subject: Database: Fixed a potential buffer overrun in format_str.  From
 FS#12132 patch 8.

git-svn-id: svn://svn.rockbox.org/rockbox/branches/v3_9@30252 a1c6a512-1295-4272-9138-f99709370657
---
 apps/tagtree.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/tagtree.c b/apps/tagtree.c
index 4003087133..df747a4b78 100644
--- a/apps/tagtree.c
+++ b/apps/tagtree.c
@@ -1129,7 +1129,7 @@ static int format_str(struct tagcache_search *tcs, struct display_format *fmt,
         
         buf[buf_pos++] = fmt->formatstr[i];
         
-        if (buf_pos - 1 >= buf_size)
+        if (buf_pos >= buf_size - 1)    /* need at least one more byte for \0 */
         {
             logf("buffer overflow");
             return -4;
-- 
cgit v1.2.3