From 04130dba407e8c089ea9166535336161b4a2b5b6 Mon Sep 17 00:00:00 2001
From: Xia Yang <xiay@nvidia.com>
Date: Mon, 15 Aug 2016 14:56:51 -0700
Subject: [PATCH] mmc: card: test: Fix out of boundary array access

Allocate buffer with 1 extra byte for NULL terminator.

Bug 1791602

Change-Id: I3c3658315c2cd2a1dc7be7d72953998a5275e71e
Signed-off-by: Xia Yang <xiay@nvidia.com>
Reviewed-on: http://git-master/r/1216961
(cherry picked from commit 18c5b5ac8e51d8aaff61c63823f0ec99d4a065d5)
Reviewed-on: http://git-master/r/1216963
Reviewed-by: Winnie Hsu <whsu@nvidia.com>
Tested-by: Winnie Hsu <whsu@nvidia.com>
---
 drivers/mmc/card/mmc_test.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/drivers/mmc/card/mmc_test.c b/drivers/mmc/card/mmc_test.c
index 47ca3478a85..d85a697415c 100644
--- a/drivers/mmc/card/mmc_test.c
+++ b/drivers/mmc/card/mmc_test.c
@@ -3021,7 +3021,7 @@ static ssize_t mtf_test_write(struct file *file, const char __user *buf,
 	char *data_buf = NULL;
 	long testcase;
 
-	data_buf = kzalloc(count, GFP_KERNEL);
+	data_buf = kzalloc(count+1, GFP_KERNEL);
 	if (data_buf == NULL)
 		return -ENOMEM;
 
@@ -3029,7 +3029,6 @@ static ssize_t mtf_test_write(struct file *file, const char __user *buf,
 		kfree(data_buf);
 		return -EFAULT;
 	}
-	data_buf[strlen(data_buf) - 1] = '\0';
 	if (mmc_test_extract_parameters(data_buf)) {
 		mmc_test_usage(sf);
 		kfree(data_buf);
-- 
2.39.2