From 8a8d90d8712d91fcb6509cdad4f266d691e0b4bc Mon Sep 17 00:00:00 2001
From: David Greenman <dg@FreeBSD.org>
Date: Sun, 18 Dec 1994 03:05:49 +0000
Subject: [PATCH] Fix possible off by one in b_save allocation size.

---
 sys/kern/vfs_cluster.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys/kern/vfs_cluster.c b/sys/kern/vfs_cluster.c
index 005da05c870..e58dfc178d2 100644
--- a/sys/kern/vfs_cluster.c
+++ b/sys/kern/vfs_cluster.c
@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  *
  *	@(#)vfs_cluster.c	8.7 (Berkeley) 2/13/94
- * $Id: vfs_cluster.c,v 1.5 1994/09/24 18:31:45 davidg Exp $
+ * $Id: vfs_cluster.c,v 1.6 1994/10/08 22:33:41 phk Exp $
  */
 
 #include <sys/param.h>
@@ -310,7 +310,7 @@ cluster_rbuild(vp, filesize, bp, lbn, blkno, size, run, flags)
 	if (bp->b_flags & (B_DONE | B_DELWRI))
 		return (bp);
 
-	b_save = malloc(sizeof(struct buf *) * run + sizeof(struct cluster_save),
+	b_save = malloc(sizeof(struct buf *) * (run + 1) + sizeof(struct cluster_save),
 	    M_SEGMENT, M_WAITOK);
 	b_save->bs_bufsize = b_save->bs_bcount = size;
 	b_save->bs_nchildren = 0;