If a user provides a buffer larger than a tty->write_buf chunk and
passes '\r' at the end of the buffer, we touch an out-of-bound memory.

Add a check there to prevent this.
Signed-off-by: NJiri Slaby <jslaby@suse.cz>
Cc: stable@vger.kernel.org (everything maintained past v2.6.37)
Cc: Samo Pogacnik <samo_pogacnik@t-2.net>
Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>