From 3ccc6ed2620d7f5103041a71d9894315a851e055 Mon Sep 17 00:00:00 2001
From: Qualys Security Advisory
Date: Thu, 1 Jan 1970 00:00:00 +0000
Subject: [PATCH] proc/slab.h: Fix off-by-one overflow in sscanf().

In proc/slab.c, functions parse_slabinfo20() and parse_slabinfo11(), sscanf() might overflow curr->name, because "String input conversions store a terminating null byte ('\0') to mark the end of the input; the maximum field width does not include this terminator." Add one byte to name[] for this terminator.
---
 proc/slab.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/proc/slab.h b/proc/slab.h
index 09dbe00c..35911b44 100644
--- a/proc/slab.h
+++ b/proc/slab.h
@@ -4,7 +4,7 @@
 #define SLAB_INFO_NAME_LEN 128
 struct slab_info {
- char name[SLAB_INFO_NAME_LEN]; /* name of this cache */
+ char name[SLAB_INFO_NAME_LEN+1]; /* name of this cache */
 struct slab_info *next;
 unsigned long cache_size; /* size of entire cache */
 unsigned nr_objs; /* number of objects in this cache */
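Review bot: The `+1` on `name[]` carries no explanation at the declaration, so a later cleanup could drop it and bring the overflow back; the field comment should say why it is there, e.g. `/* name of this cache; +1 because sscanf's field width excludes the NUL */`. The fix also leaves the array size coupled to the sscanf() field widths in parse_slabinfo20() and parse_slabinfo11() in proc/slab.c, which this patch does not show. If those widths are literals rather than derived from `SLAB_INFO_NAME_LEN` (likely, but not visible here), raising the macro's value is harmless but lowering it would make the array smaller than the width and reintroduce the overflow. It is worth noting that dependency beside `#define SLAB_INFO_NAME_LEN 128`, or building the width from the macro by stringification. The struct definition continues past the end of the hunk.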