stm class: Fix an off-by-one in master array allocation

Since both sw_start and sw_end are master indices, the size of array that holds them is sw_end - sw_start + 1, which the current code gets wrong, allocating one item less than required. This patch corrects the allocation size, avoiding potential slab corruption. Signed-off-by: N Chunyan Zhang <zhang.chunyan@linaro.org> [alexander.shishkin@linux.intel.com: re-wrote the commit message] Signed-off-by: N Alexander Shishkin <alexander.shishkin@linux.intel.com> Signed-off-by: N Greg Kroah-Hartman <gregkh@linuxfoundation.org>

stm class: Fix an off-by-one in master array allocation
Since both sw_start and sw_end are master indices, the size of array that holds them is sw_end - sw_start + 1, which the current code gets wrong, allocating one item less than required. This patch corrects the allocation size, avoiding potential slab corruption. Signed-off-by: N Chunyan Zhang <zhang.chunyan@linaro.org> [alexander.shishkin@linux.intel.com: re-wrote the commit message] Signed-off-by: N Alexander Shishkin <alexander.shishkin@linux.intel.com> Signed-off-by: N Greg Kroah-Hartman <gregkh@linuxfoundation.org>
7b3bb0e7 · Chunyan Zhang · Greg Kroah-Hartman · c74f7e82 · 7b3bb0e7
显示空白变更内容
内联并排

Showing with 1 addition and 1 deletion

drivers/hwtracing/stm/core.c drivers/hwtracing/stm/core.c +1 -1

未找到文件。
--- a/drivers/hwtracing/stm/core.c
+++ b/drivers/hwtracing/stm/core.c
@@ -618,7 +618,7 @@ int stm_register_device(struct device *parent, struct stm_data *stm_data,
 	if (!stm_data->packet || !stm_data->sw_nchannels)
 		return -EINVAL;

-	nmasters = stm_data->sw_end - stm_data->sw_start;
+	nmasters = stm_data->sw_end - stm_data->sw_start + 1;
 	stm = kzalloc(sizeof(*stm) + nmasters * sizeof(void *), GFP_KERNEL);
 	if (!stm)
 		return -ENOMEM;