Commit 13c63ae0 authored by Mateusz Guzik's avatar Mateusz Guzik
Browse files

mmc: fix 1-byte reallocs (when it should have been sizeof device_t)

Reported by KASAN:
panic: ASan: Invalid access, 8-byte write at 0xfffffe00f0992610, RedZonePartial(1)
panic() at panic+0xb5/frame 0xffffffff86a595b0
__asan_store8_noabort() at __asan_store8_noabort+0x376/frame 0xffffffff86a59670
mmc_go_discovery() at mmc_go_discovery+0x6c61/frame 0xffffffff86a5a790
mmc_delayed_attach() at mmc_delayed_attach+0x35/frame 0xffffffff86a5a7b0
[snip]

Sponsored by:	Rubicon Communications, LLC ("Netgate")
parent d71e1a88
......@@ -1920,7 +1920,7 @@ mmc_discover_cards(struct mmc_softc *sc)
if (child != NULL) {
device_set_ivars(child, ivar);
sc->child_list = realloc(sc->child_list,
sizeof(device_t) * sc->child_count + 1,
sizeof(device_t) * (sc->child_count + 1),
M_DEVBUF, M_WAITOK);
sc->child_list[sc->child_count++] = child;
} else
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment