git: e8053023e7c0 - main - arm64/apple: Fix malloc size for per-CPU arrays in AIC attach
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 08 Apr 2026 00:51:02 UTC
The branch main has been updated by ngie:
URL: https://cgit.FreeBSD.org/src/commit/?id=e8053023e7c07214a7b0a97f0f087ba02b329157
commit e8053023e7c07214a7b0a97f0f087ba02b329157
Author: Weixie Cui <cuiweixie@gmail.com>
AuthorDate: 2026-03-31 10:24:08 +0000
Commit: Enji Cooper <ngie@FreeBSD.org>
CommitDate: 2026-04-08 00:50:25 +0000
arm64/apple: Fix malloc size for per-CPU arrays in AIC attach
sizeof(*sc->sc_ipimasks) * mp_maxid + 1 is parsed as
(sizeof(*sc->sc_ipimasks) * mp_maxid) + 1, so the buffers were one byte
short of a full (mp_maxid + 1) element count. Multiply by (mp_maxid + 1)
for sc_ipimasks and sc_cpuids.
Signed-off-by: Weixie Cui <cuiweixie@gmail.com>
Reviewed-by: kevans, ngie
Pull-Request: https://github.com/freebsd/freebsd-src/pull/2112
---
sys/arm64/apple/apple_aic.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sys/arm64/apple/apple_aic.c b/sys/arm64/apple/apple_aic.c
index c9ce3b4d2165..683339369a87 100644
--- a/sys/arm64/apple/apple_aic.c
+++ b/sys/arm64/apple/apple_aic.c
@@ -213,10 +213,10 @@ apple_aic_attach(device_t dev)
}
#ifdef SMP
- sc->sc_ipimasks = malloc(sizeof(*sc->sc_ipimasks) * mp_maxid + 1,
+ sc->sc_ipimasks = malloc(sizeof(*sc->sc_ipimasks) * (mp_maxid + 1),
M_DEVBUF, M_WAITOK | M_ZERO);
#endif
- sc->sc_cpuids = malloc(sizeof(*sc->sc_cpuids) * mp_maxid + 1,
+ sc->sc_cpuids = malloc(sizeof(*sc->sc_cpuids) * (mp_maxid + 1),
M_DEVBUF, M_WAITOK | M_ZERO);
cpu = PCPU_GET(cpuid);