fbt_typoff_init: fix an off by one in determining required memory size
This issue would be silent most of the time, but if the requested memory is a multiple of a page size, then accessing one element beyond the end would lead to a kernel page fault. Otherwise, the unlucky last type would just be inaccessible. Reported by: glebius Tested by: glebius MFC after: 6 days
This commit is contained in:
parent
25bcd53216
commit
a47016e9a9
@ -777,6 +777,8 @@ fbt_typoff_init(linker_ctf_t *lc)
|
||||
pop[kind]++;
|
||||
}
|
||||
|
||||
/* account for a sentinel value below */
|
||||
ctf_typemax++;
|
||||
*lc->typlenp = ctf_typemax;
|
||||
|
||||
if ((xp = malloc(sizeof(uint32_t) * ctf_typemax, M_LINKER, M_ZERO | M_WAITOK)) == NULL)
|
||||
|
Loading…
Reference in New Issue
Block a user