From e059a400ad780328cd5ad22c396298cac520c856 Mon Sep 17 00:00:00 2001 From: Lukasz Majewski Date: Wed, 26 Jun 2013 11:46:13 +0200 Subject: [PATCH] dfu:function: Fix number of allocated DFU function pointers This subtle change fix problem with too small amount of allocated memory to store DFU function pointers. One needs to allocate extra space for sentinel NULL pointer in this array of function pointers. With the previous code, the NULL value overwrites malloc internal data and afterwards free(f_dfu->function) crashes. Signed-off-by: Lukasz Majewski Signed-off-by: Kyungmin Park Cc: Marek Vasut --- drivers/usb/gadget/f_dfu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/gadget/f_dfu.c b/drivers/usb/gadget/f_dfu.c index 178a0044c4..e3fa0e373d 100644 --- a/drivers/usb/gadget/f_dfu.c +++ b/drivers/usb/gadget/f_dfu.c @@ -589,7 +589,7 @@ static int dfu_prepare_function(struct f_dfu *f_dfu, int n) struct usb_interface_descriptor *d; int i = 0; - f_dfu->function = calloc(sizeof(struct usb_descriptor_header *), n); + f_dfu->function = calloc(sizeof(struct usb_descriptor_header *), n + 1); if (!f_dfu->function) goto enomem; -- 2.39.2
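Review bot: The `n + 1` in the calloc() call in dfu_prepare_function() has no comment saying the extra slot holds the terminating NULL entry of f_dfu->function. That reason is recorded only in the commit message, so a later cleanup could drop the `+ 1` and reintroduce the heap metadata overwrite that makes free(f_dfu->function) crash. A one-line comment above the allocation, such as `/* n descriptors plus the terminating NULL entry */`, would pin it down. The arguments are also passed as calloc(size, count) rather than the conventional calloc(count, size). The result is the same, but `calloc(n + 1, sizeof(*f_dfu->function))` would read better while this line is being touched. Finally, n is a signed int and no range check is visible in this hunk, so it is worth confirming that callers never pass a negative value.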