pixel_em: Fixing off-by-one buffer allocation

This could result in a buffer overflow. Bug: 258701539 Signed-off-by: Vincent Palomares <[email protected]> Change-Id: I5c7ce8431ee59457203bb6c6cea27e77ac103f89
celtare21 · Nov 18, 2022 · 09317b3 · 09317b3
1 parent 5d27ac8
commit 09317b3
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/drivers/soc/google/vh/kernel/pixel_em/pixel_em.c b/drivers/soc/google/vh/kernel/pixel_em/pixel_em.c
@@ -478,11 +478,12 @@ static struct pixel_em_profile *generate_default_em_profile(const char *name)
 	if (!res->clusters)
 		goto failed_clusters_allocation;
 
-	res->cpu_to_cluster = kcalloc(pixel_em_max_cpu, sizeof(*res->cpu_to_cluster), GFP_KERNEL);
+	res->cpu_to_cluster = kcalloc(pixel_em_max_cpu + 1,
+				      sizeof(*res->cpu_to_cluster),
+				      GFP_KERNEL);
 	if (!res->cpu_to_cluster)
 		goto failed_cpu_to_cluster_allocation;
 
-
 	cpumask_copy(&unmatched_cpus, cpu_possible_mask);
 
 	while (!cpumask_empty(&unmatched_cpus)) {