From b814fb2694fe178b5cb94e046b9d31944e752f4a Mon Sep 17 00:00:00 2001
From: Jens Axboe
Date: Wed, 12 Oct 2011 09:20:34 +0200
Subject: [PATCH] Fix off-by-one in jobs_eta allocation
Signed-off-by: Jens Axboe
---
 eta.c | 8 ++++++--
 server.c | 5 ++++-
 2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/eta.c b/eta.c
index b7f1fd62..6118d1af 100644
--- a/eta.c
+++ b/eta.c
@@ -418,10 +418,14 @@ void display_thread_status(struct jobs_eta *je)
 void print_thread_status(void)
 {
 struct jobs_eta *je;
+ size_t size;
- je = malloc(sizeof(*je) + thread_number * sizeof(char));
+ if (!thread_number)
+ return;
- memset(je, 0, sizeof(*je) + thread_number * sizeof(char));
+ size = sizeof(*je) + thread_number * sizeof(char) + 1;
+ je = malloc(size);
+ memset(je, 0, size);
 if (calc_thread_status(je, 0))
 display_thread_status(je);
diff --git a/server.c b/server.c
index ac6c2fb8..2c20e37b 100644
--- a/server.c
+++ b/server.c
@@ -409,7 +409,10 @@ static int handle_send_eta_cmd(struct fio_net_cmd *cmd)
 size_t size;
 int i;
- size = sizeof(*je) + thread_number * sizeof(char);
+ if (!thread_number)
+ return 0;
+
+ size = sizeof(*je) + thread_number * sizeof(char) + 1;
 je = malloc(size);
 memset(je, 0, size);
--
2.25.1
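Review bot: The result of `malloc(size)` in print_thread_status() goes straight into `memset()` with no NULL check, so an allocation failure becomes a write through a null pointer; the same pair of lines appears in the handle_send_eta_cmd() hunk in server.c. Replacing them with `je = calloc(1, size);` followed by `if (!je) return;` handles the failure and makes the separate `memset()` unnecessary (server.c would return whatever error value its callers expect). The bare `+ 1` would also be easier to audit with a short comment naming the byte it reserves, presumably a terminator for the per-thread status string. The function body continues past the end of the hunk.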
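Review bot: The new early `return 0;` in handle_send_eta_cmd() leaves the ETA command unanswered whenever `thread_number` is zero. Whether the peer that sent the command waits for a reply is not visible in this hunk; if it does, this path could leave it blocked until a timeout, so consider replying with a zeroed `struct jobs_eta` of size `sizeof(*je)`, or at least a comment such as `/* no jobs: nothing to report, sender must tolerate no reply */`. The size expression is now duplicated in eta.c and server.c, and a small shared helper would keep the `+ 1` from drifting between the two copies. The function starts and ends outside the hunk.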