the size is made by "plls_no + 1".
so when copy from original buffer, need dec 1, or reading out of boundary.
additional info:
plls_no is ARRARY_SIZE(plls).
Signed-off-by: Chen Gang <gang.chen@xxxxxxxxxxx>
---
arch/arm/plat-s3c24xx/cpu-freq.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/arm/plat-s3c24xx/cpu-freq.c b/arch/arm/plat-s3c24xx/cpu-freq.c
index 4680799..df093b2 100644
--- a/arch/arm/plat-s3c24xx/cpu-freq.c
+++ b/arch/arm/plat-s3c24xx/cpu-freq.c
@@ -700,7 +700,8 @@ int __init s3c_plltab_register(struct cpufreq_frequency_table *plls,
vals = kmalloc(size, GFP_KERNEL);
if (vals) {
- memcpy(vals, plls, size);
+ memcpy(vals, plls,
+ size - sizeof(struct cpufreq_frequency_table));
pll_reg = vals;
/* write a terminating entry, we don't store it in the
--
1.7.10.4
--
To unsubscribe from this list: send the line "unsubscribe linux-samsung-soc" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
