diff --git a/NEWS b/NEWS
index 610b22477be835cf0e1854d47003703e52a9830a..c5e1ccc5ca3c1513aa1adc11d52761b25d6dfc5c 100644
--- a/NEWS
+++ b/NEWS
@@ -89,6 +89,8 @@ documents those changes that are of interest to users and admins.
lengths.
-- If OverTimeLimit is defined do not declare failed those jobs that ended
in the OverTimeLimit interval.
+ -- Subtract the PMII_COMMANDLEN_SIZE in contribs/pmi2/pmi2_api.c to prevent
+ certain implementation of snprintf() to segfault.
* Changes in Slurm 2.6.1
========================
diff --git a/contribs/pmi2/pmi2_api.c b/contribs/pmi2/pmi2_api.c
index 4a1507bba805d59d3b851c37a220c51ab51ced97..78ad795d54ebeeb522317d8bcc120038e8b1b60c 100644
--- a/contribs/pmi2/pmi2_api.c
+++ b/contribs/pmi2/pmi2_api.c
@@ -1492,6 +1492,14 @@ int PMIi_WriteSimpleCommand( int fd, PMI2_Command *resp, const char cmd[], PMI2_
PMI2U_ERR_CHKANDJUMP(ret >= remaining_len, pmi2_errno, PMI2_ERR_OTHER, "**intern %s", "Ran out of room for command");
c += ret;
remaining_len -= ret;
+ /* Subtract the PMII_COMMANDLEN_SIZE to prevent
+ * certain implementation of snprintf() to
+ * segfault when zero out the buffer.
+ * PMII_COMMANDLEN_SIZE must be added later on
+ * back again to send out the right protocol
+ * message size.
+ */
+ remaining_len -= PMII_COMMANDLEN_SIZE;
#ifdef MPICH_IS_THREADED
MPIU_THREAD_CHECK_BEGIN;
@@ -1531,8 +1539,11 @@ int PMIi_WriteSimpleCommand( int fd, PMI2_Command *resp, const char cmd[], PMI2_
--remaining_len;
}
- /* prepend the buffer length stripping off the trailing '\0' */
- cmdlen = PMII_MAX_COMMAND_LEN - remaining_len;
+ /* prepend the buffer length stripping off the trailing '\0'
+ * Add back the PMII_COMMANDLEN_SIZE to get the correct
+ * protocol size.
+ */
+ cmdlen = PMII_MAX_COMMAND_LEN - (remaining_len + PMII_COMMANDLEN_SIZE);
ret = snprintf(cmdlenbuf, sizeof(cmdlenbuf), "%d", cmdlen);
PMI2U_ERR_CHKANDJUMP(ret >= PMII_COMMANDLEN_SIZE, pmi2_errno, PMI2_ERR_OTHER, "**intern %s", "Command length won't fit in length buffer");