From 9785a92d66240e7186f3d5e203896908142ed804 Mon Sep 17 00:00:00 2001 From: Harald Welte Date: Sat, 24 Oct 2020 12:36:11 +0200 Subject: tpu: Fix msgb-write-beyond-tailroom in TPU_DEBUG We need to make sure to allocte sufficient space to include the 32bit frame number at the start of the TPU_DEBUG msgb. Change-Id: Ifb3ce6f91131fc361b20c3b3fe5ebc7079633ac3 --- src/target/firmware/calypso/tpu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/target/firmware/calypso/tpu.c b/src/target/firmware/calypso/tpu.c index 0b60292a..f778bfda 100644 --- a/src/target/firmware/calypso/tpu.c +++ b/src/target/firmware/calypso/tpu.c @@ -91,7 +91,7 @@ static void tpu_debug(void) { uint16_t *tpu_base = (uint16_t *)BASE_ADDR_TPU_RAM; unsigned int tpu_size = tpu_ptr - tpu_base; - struct msgb *msg = sercomm_alloc_msgb(tpu_size*2); + struct msgb *msg = sercomm_alloc_msgb(sizeof(uint32_t) + tpu_size*2); uint16_t *data; uint32_t *fn; uint16_t reg; -- cgit v1.2.3