From: Christophe JAILLET <redacted>
Date: Mon, 26 Aug 2019 21:02:09 +0200

We 'allocate' 'count' bytes here. In fact, 'dev_alloc_skb' already add some
extra space for padding, so a bit more is allocated.

However, we use 1 byte for the KISS command, then copy 'count' bytes, so
count+1 bytes.

Explicitly allocate and use 1 more byte to be safe.

Signed-off-by: Christophe JAILLET <redacted>

I applied your patch as-is, as it is correct and doesn't change the contents
of the data put into the SKB at all.

->rcount is the cooked count minus two, but then we copy effectively
cooked count minus one bytes from one byte past the beginning of the
cooked buffer and so all the accesses are in range on the input buffer
side.