diff --git a/changes/bytecount b/changes/bytecount
new file mode 100644
index 0000000000..50c4d6b35e
--- /dev/null
+++ b/changes/bytecount
@@ -0,0 +1,5 @@
+ o Minor bugfixes
+ - Fix a off-by-one error in calculating some controller command argument
+ lengths. Fortunately, this is harmless, the controller code does
+ redundant NUL termination too. Found by boboper. Bugfix on
+ 0.1.1.1-alpha.
diff --git a/src/or/control.c b/src/or/control.c
index b1551d4e1d..5e2bcc702f 100644
--- a/src/or/control.c
+++ b/src/or/control.c
@@ -2874,9 +2874,10 @@ connection_control_process_inbuf(control_connection_t *conn)
 && !TOR_ISSPACE(conn->incoming_cmd[cmd_len]))
 ++cmd_len;
- data_len -= cmd_len;
 conn->incoming_cmd[cmd_len]='\0';
 args = conn->incoming_cmd+cmd_len+1;
+ tor_assert(data_len>(size_t)cmd_len);
+ data_len -= (cmd_len+1); /* skip the command and NUL we added after it */
 while (*args == ' ' || *args == '\t') {
 ++args;
 --data_len;
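Review bot: The new `tor_assert(data_len>(size_t)cmd_len)` sits on a path that parses bytes received from the control connection, and nothing in the hunk says why the condition must hold. The scan loop above it (its start is outside the hunk) appears able to stop either on whitespace or on reaching `data_len`; in the latter case the assertion would abort the process instead of rejecting the command. If earlier code guarantees a whitespace terminator inside `data_len`, record that next to the assert, e.g. `/* the line still carries its terminator, so the scan stopped on whitespace before data_len */`; otherwise an explicit check that fails the command would be safer than an assert. The whitespace-skipping loop that follows also decrements `data_len` (a `size_t`) with no lower bound, so it relies on the NUL terminator alone to stop before the count wraps.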