proc/slab.h: Fix off-by-one overflow in sscanf().
author: Qualys Security Advisory <qsa@qualys.com>
Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)
committer: Craig Small <csmall@enc.com.au>
Fri, 18 May 2018 21:32:21 +0000 (07:32 +1000)
In proc/slab.c, functions parse_slabinfo20() and parse_slabinfo11(),
sscanf() might overflow curr->name, because "String input conversions
store a terminating null byte ('\0') to mark the end of the input; the
maximum field width does not include this terminator."

Add one byte to name[] for this terminator.

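The sscanf() width rule the commit message quotes, as an added example that is not procps-ng's code: only SLAB_INFO_NAME_LEN is taken from the patch; the simplified line format, struct slab_entry and the helper names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* SLAB_INFO_NAME_LEN mirrors the value in the patch; the struct below is a
 * constructed stand-in for procps-ng's struct slab_info. */
#define SLAB_INFO_NAME_LEN 128

struct slab_entry {
    char name[SLAB_INFO_NAME_LEN + 1];  /* width + 1: room for sscanf's '\0' */
    unsigned nr_objs;
};

/* Parse "<name> <count>" (assumed simplified slabinfo line). A maximum
 * field width of 128 copies at most 128 characters but still stores a
 * terminator, so a 128-byte array would be written one byte past its end. */
int parse_slab_line(const char *line, struct slab_entry *out)
{
    memset(out, 0, sizeof *out);
    return sscanf(line, "%128s %u", out->name, &out->nr_objs) == 2;
}

/* Build a constructed line of name_chars 'a's followed by " 42". */
static void make_line(char *buf, size_t bufsz, size_t name_chars)
{
    size_t i;
    for (i = 0; i < name_chars && i + 4 < bufsz; i++)
        buf[i] = 'a';
    buf[i] = '\0';
    strcat(buf, " 42");
}

/* Returns the stored name length, or -1 when the line does not parse:
 * a name longer than the width leaves its tail in the input, so the
 * following %u fails instead of silently overflowing the array. */
long parse_with_name_len(size_t name_chars)
{
    char line[256];
    struct slab_entry e;
    make_line(line, sizeof line, name_chars);
    if (!parse_slab_line(line, &e))
        return -1;
    return (long)strlen(e.name);
}

int main(void)
{
    printf("128 chars -> %ld, 129 chars -> %ld\n",
           parse_with_name_len(128), parse_with_name_len(129));
    return 0;
}
```

With the original 128-byte array, the 128-character case is the one that writes the terminator one byte past the end; with the +1 the terminator lands at index 128, inside the array.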
proc/slab.h

index 09dbe00ce270688a86dbcbe6c3bd675eff8087fa..35911b4452c2abc21c3239ff6c264b043d4c10bc 100644 (file)
@@ -4,7 +4,7 @@
 #define SLAB_INFO_NAME_LEN      128
 
 struct slab_info {
-       char name[SLAB_INFO_NAME_LEN];  /* name of this cache */
+       char name[SLAB_INFO_NAME_LEN+1];  /* name of this cache */
        struct slab_info *next;
        unsigned long cache_size;       /* size of entire cache */
        unsigned nr_objs;               /* number of objects in this cache */
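Review bot: the +1 on the `name` array is correct, but nothing in this header ties it to the field width used in the sscanf() format strings in proc/slab.c, which the commit message says must stay at SLAB_INFO_NAME_LEN; consider extending the comment on the changed line (for example `/* name of this cache; +1 for sscanf's terminator, width must equal SLAB_INFO_NAME_LEN */`) so that a later change to the macro or to the format width does not reintroduce the overflow. Minor style point: the trailing comment on the `+` line no longer aligns with the comment column of the surrounding fields.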