From: Chunyan Zhang Date: Tue, 22 Dec 2015 15:25:20 +0000 (+0200) Subject: stm class: Fix an off-by-one in master array allocation X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=7b3bb0e75395b2f3b0f95d9ae50581e989ba5e4c;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git stm class: Fix an off-by-one in master array allocation Since both sw_start and sw_end are master indices, the size of array that holds them is sw_end - sw_start + 1, which the current code gets wrong, allocating one item less than required. This patch corrects the allocation size, avoiding potential slab corruption. Signed-off-by: Chunyan Zhang [alexander.shishkin@linux.intel.com: re-wrote the commit message] Signed-off-by: Alexander Shishkin Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/hwtracing/stm/core.c b/drivers/hwtracing/stm/core.c index ddcb606acea6..40a8b79ab7db 100644 --- a/drivers/hwtracing/stm/core.c +++ b/drivers/hwtracing/stm/core.c @@ -618,7 +618,7 @@ int stm_register_device(struct device *parent, struct stm_data *stm_data, if (!stm_data->packet || !stm_data->sw_nchannels) return -EINVAL; - nmasters = stm_data->sw_end - stm_data->sw_start; + nmasters = stm_data->sw_end - stm_data->sw_start + 1; stm = kzalloc(sizeof(*stm) + nmasters * sizeof(void *), GFP_KERNEL); if (!stm) return -ENOMEM;