In the Linux kernel, the following vulnerability has been resolved:
init/main.c: Fix potential staticcommandline memory overflow
We allocate memory of size 'xlen + strlen(bootcommandline) + 1' for staticcommandline, but the strings copied into staticcommandline are extracommandline and commandline, rather than extracommandline and bootcommand_line.
When strlen(commandline) > strlen(bootcommandline), staticcommand_line will overflow.
This patch just recovers strlen(commandline) which was miss-consolidated with strlen(bootcommandline) in the commit f5c7310ac73e ("init/main: add checks for the return value of memblockalloc*()")