[U-Boot] [PATCH] dfu:function: Fix number of allocated DFU function pointers
This subtle change fix problem with too small amount of allocated memory to store DFU function pointers.
One needs to allocate extra space for sentinel NULL pointer in this array of function pointers.
With the previous code, the NULL value overwrites malloc internal data and afterwards free(f_dfu->function) crashes.
Signed-off-by: Lukasz Majewski l.majewski@samsung.com Signed-off-by: Kyungmin Park kyungmin.park@samsung.com Cc: Marek Vasut marex@denx.de --- drivers/usb/gadget/f_dfu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/gadget/f_dfu.c b/drivers/usb/gadget/f_dfu.c index 178a004..e3fa0e3 100644 --- a/drivers/usb/gadget/f_dfu.c +++ b/drivers/usb/gadget/f_dfu.c @@ -589,7 +589,7 @@ static int dfu_prepare_function(struct f_dfu *f_dfu, int n) struct usb_interface_descriptor *d; int i = 0;
- f_dfu->function = calloc(sizeof(struct usb_descriptor_header *), n); + f_dfu->function = calloc(sizeof(struct usb_descriptor_header *), n + 1); if (!f_dfu->function) goto enomem;
Hello Lukasz,
Am 26.06.2013 11:46, schrieb Lukasz Majewski:
This subtle change fix problem with too small amount of allocated memory to store DFU function pointers.
One needs to allocate extra space for sentinel NULL pointer in this array of function pointers.
With the previous code, the NULL value overwrites malloc internal data and afterwards free(f_dfu->function) crashes.
Signed-off-by: Lukasz Majewski l.majewski@samsung.com Signed-off-by: Kyungmin Park kyungmin.park@samsung.com Cc: Marek Vasut marex@denx.de
drivers/usb/gadget/f_dfu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
Acked-by: Heiko Schocher hs@denx.de
Thanks!
bye, Heiko
Dear Heiko Schocher,
Hello Lukasz,
Am 26.06.2013 11:46, schrieb Lukasz Majewski:
This subtle change fix problem with too small amount of allocated memory to store DFU function pointers.
One needs to allocate extra space for sentinel NULL pointer in this array of function pointers.
With the previous code, the NULL value overwrites malloc internal data and afterwards free(f_dfu->function) crashes.
Signed-off-by: Lukasz Majewski l.majewski@samsung.com Signed-off-by: Kyungmin Park kyungmin.park@samsung.com Cc: Marek Vasut marex@denx.de
drivers/usb/gadget/f_dfu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
Acked-by: Heiko Schocher hs@denx.de
Applied, thanks
Best regards, Marek Vasut
participants (3)
-
Heiko Schocher -
Lukasz Majewski -
Marek Vasut