From 4349404e8196cba1198ac44aae982428207b4538 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Arnim=20L=C3=A4uger?= <arniml@users.sourceforge.net>
Date: Fri, 27 Mar 2009 00:35:42 +0000
Subject: [PATCH] fix memory corruption from jedec code (Jon Smirl)

git-svn-id: https://urjtag.svn.sourceforge.net/svnroot/urjtag/trunk@1464 b68d4a1b-bc3d-0410-92ed-d4ac073336b7
---
 jtag/ChangeLog         | 4 ++++
 jtag/src/flash/jedec.c | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/jtag/ChangeLog b/jtag/ChangeLog
index 2be5d7a9..179c4f7b 100644
--- a/jtag/ChangeLog
+++ b/jtag/ChangeLog
@@ -1,3 +1,7 @@
+2009-03-27  Arnim Laeuger  <arniml>
+
+  * src/flash/jedec.c: fix memory corruption from jedec code (Jon Smirl)
+
 2009-03-26  Arnim Laeuger  <arniml>
 
   * src/cmd/initbus.c: Notify which bus is active when a new bus is initialized
diff --git a/jtag/src/flash/jedec.c b/jtag/src/flash/jedec.c
index 3c687c52..ce526a2c 100644
--- a/jtag/src/flash/jedec.c
+++ b/jtag/src/flash/jedec.c
@@ -391,7 +391,7 @@ jedec_detect( bus_t *bus, uint32_t adr, cfi_array_t **cfi_array )
 		return -3;              /* invalid bus width */
 	(*cfi_array)->bus_width = ba = bw / 8;
 
-	(*cfi_array)->cfi_chips = calloc( 1, sizeof (cfi_chip_t *) );
+	(*cfi_array)->cfi_chips = calloc( 1, sizeof (cfi_chip_t *) * ba);
 	if (!(*cfi_array)->cfi_chips)
 		return -2;              /* out of memory */