[U-Boot] [PATCH] dfu:function: Fix number of allocated DFU function pointers
Lukasz Majewski l.majewski at samsung.com
Wed Jun 26 11:46:13 CEST 2013

This subtle change fixes a problem with too small an amount of allocated
memory to store DFU function pointers.
One needs to allocate extra space for the sentinel NULL pointer in this array
of function pointers.
With the previous code, the NULL value overwrites malloc internal data
and afterwards free(f_dfu->function) crashes.
Signed-off-by: Lukasz Majewski <l.majewski at samsung.com>
Signed-off-by: Kyungmin Park <kyungmin.park at samsung.com>
Cc: Marek Vasut <marex at denx.de>
---
 drivers/usb/gadget/f_dfu.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/gadget/f_dfu.c b/drivers/usb/gadget/f_dfu.c
index 178a004..e3fa0e3 100644
--- a/drivers/usb/gadget/f_dfu.c
+++ b/drivers/usb/gadget/f_dfu.c
@@ -589,7 +589,7 @@ static int dfu_prepare_function(struct f_dfu *f_dfu, int n)
 	struct usb_interface_descriptor *d;
 	int i = 0;
 
-	f_dfu->function = calloc(sizeof(struct usb_descriptor_header *), n);
+	f_dfu->function = calloc(sizeof(struct usb_descriptor_header *), n + 1);
 	if (!f_dfu->function)
 		goto enomem;
 
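Review bot: the new `n + 1` in the calloc() call carries no comment saying that the extra slot holds the NULL sentinel that terminates f_dfu->function, so a later cleanup could drop it again and reintroduce the heap-metadata overwrite described in the commit message; a one-line comment above the allocation would document it. Since the line is being touched anyway, the arguments could also be put in calloc(nmemb, size) order, for example `calloc(n + 1, sizeof(*f_dfu->function))`. Note also that n is a plain int and nothing visible in this hunk bounds it before `n + 1` is computed.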
-- 
1.7.10.4
    
    