The branch main has been updated by ngie: URL: https://cgit.FreeBSD.org/src/commit/?id=e8053023e7c07214a7b0a97f0f087ba02b329157
commit e8053023e7c07214a7b0a97f0f087ba02b329157 Author: Weixie Cui <[email protected]> AuthorDate: 2026-03-31 10:24:08 +0000 Commit: Enji Cooper <[email protected]> CommitDate: 2026-04-08 00:50:25 +0000 arm64/apple: Fix malloc size for per-CPU arrays in AIC attach sizeof(*sc->sc_ipimasks) * mp_maxid + 1 is parsed as (sizeof(*sc->sc_ipimasks) * mp_maxid) + 1, so the buffers were one byte short of a full (mp_maxid + 1) element count. Multiply by (mp_maxid + 1) for sc_ipimasks and sc_cpuids. Signed-off-by: Weixie Cui <[email protected]> Reviewed-by: kevans, ngie Pull-Request: https://github.com/freebsd/freebsd-src/pull/2112 --- sys/arm64/apple/apple_aic.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/arm64/apple/apple_aic.c b/sys/arm64/apple/apple_aic.c index c9ce3b4d2165..683339369a87 100644 --- a/sys/arm64/apple/apple_aic.c +++ b/sys/arm64/apple/apple_aic.c @@ -213,10 +213,10 @@ apple_aic_attach(device_t dev) } #ifdef SMP - sc->sc_ipimasks = malloc(sizeof(*sc->sc_ipimasks) * mp_maxid + 1, + sc->sc_ipimasks = malloc(sizeof(*sc->sc_ipimasks) * (mp_maxid + 1), M_DEVBUF, M_WAITOK | M_ZERO); #endif - sc->sc_cpuids = malloc(sizeof(*sc->sc_cpuids) * mp_maxid + 1, + sc->sc_cpuids = malloc(sizeof(*sc->sc_cpuids) * (mp_maxid + 1), M_DEVBUF, M_WAITOK | M_ZERO); cpu = PCPU_GET(cpuid);
