diff options
| author | Weixie Cui <cuiweixie@gmail.com> | 2026-03-31 10:24:08 +0000 |
|---|---|---|
| committer | Enji Cooper <ngie@FreeBSD.org> | 2026-04-08 00:50:25 +0000 |
| commit | e8053023e7c07214a7b0a97f0f087ba02b329157 (patch) | |
| tree | ccd99dc2522091a591f0671422bdb0b86f80da7a | |
| parent | cc2f8f3786d6e0ef01e2b2feadb804c1f86716da (diff) | |
arm64/apple: Fix malloc size for per-CPU arrays in AIC attach
sizeof(*sc->sc_ipimasks) * mp_maxid + 1 is parsed as
(sizeof(*sc->sc_ipimasks) * mp_maxid) + 1, so the buffers were one byte
short of a full (mp_maxid + 1) element count. Multiply by (mp_maxid + 1)
for sc_ipimasks and sc_cpuids.
Signed-off-by: Weixie Cui <cuiweixie@gmail.com>
Reviewed-by: kevans, ngie
Pull-Request: https://github.com/freebsd/freebsd-src/pull/2112
| -rw-r--r-- | sys/arm64/apple/apple_aic.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/arm64/apple/apple_aic.c b/sys/arm64/apple/apple_aic.c index c9ce3b4d2165..683339369a87 100644 --- a/sys/arm64/apple/apple_aic.c +++ b/sys/arm64/apple/apple_aic.c @@ -213,10 +213,10 @@ apple_aic_attach(device_t dev) } #ifdef SMP - sc->sc_ipimasks = malloc(sizeof(*sc->sc_ipimasks) * mp_maxid + 1, + sc->sc_ipimasks = malloc(sizeof(*sc->sc_ipimasks) * (mp_maxid + 1), M_DEVBUF, M_WAITOK | M_ZERO); #endif - sc->sc_cpuids = malloc(sizeof(*sc->sc_cpuids) * mp_maxid + 1, + sc->sc_cpuids = malloc(sizeof(*sc->sc_cpuids) * (mp_maxid + 1), M_DEVBUF, M_WAITOK | M_ZERO); cpu = PCPU_GET(cpuid); |