From c8c94bfb1edd6e1e045d503dfba9a96077306a27 Mon Sep 17 00:00:00 2001
From: John Hawthorn
Date: Wed, 23 Oct 2024 22:32:55 -0700
Subject: [PATCH] Fix benign off-by-one

Previously we always reserved one more byte than necessary in the sprintf output string.
---
 sprintf.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/sprintf.c b/sprintf.c
index 9290ed726c..cb266a9841 100644
--- a/sprintf.c
+++ b/sprintf.c
@@ -67,7 +67,8 @@ sign_bits(int base, const char *p)
 
 #define CHECK(l) do {\
 int cr = ENC_CODERANGE(result);\
- while ((l) >= bsiz - blen) {\
+ RUBY_ASSERT(bsiz >= blen); \
+ while ((l) > bsiz - blen) {\
 bsiz*=2;\
 if (bsiz<0) rb_raise(rb_eArgError, "too big specifier");\
 }\
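Review bot: With the loop bound tightened to `(l) > bsiz - blen`, CHECK(l) leaves room for exactly l more bytes and no spare byte, so any user of the macro that writes l bytes and then a terminator would now write one byte past the buffer. The macro's users and the rest of its body are outside this hunk, so that is worth confirming for each use. It would also help to state the contract above the macro, for example `/* CHECK(l): grow the buffer until exactly l more bytes fit; no slack is reserved for a terminator */`. The new `RUBY_ASSERT(bsiz >= blen);` presumably compiles away in non-debug builds, so the invariant it documents is not enforced there. Separately, the growth loop still detects overflow only after `bsiz*=2;` via `bsiz<0`, which relies on signed wraparound if bsiz is a signed type, as the test suggests. Comparing bsiz with half of its type's maximum before doubling would avoid that.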