"gc->ngpio" is a number between 1 and GRGPIO_MAX_NGPIO. If "offset" is
GRGPIO_MAX_NGPIO then we're going one step beyond the end of the
priv->lirqs[] array.
Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
diff --git a/drivers/gpio/gpio-grgpio.c b/drivers/gpio/gpio-grgpio.c
index 09daaf2..d5bc70f 100644
--- a/drivers/gpio/gpio-grgpio.c
+++ b/drivers/gpio/gpio-grgpio.c
@@ -121,7 +121,7 @@ static int grgpio_to_irq(struct gpio_chip *gc, unsigned offset)
{
struct grgpio_priv *priv = grgpio_gc_to_priv(gc);
- if (offset > gc->ngpio)
+ if (offset >= gc->ngpio)
return -ENXIO;
if (priv->lirqs[offset].index < 0)
--
To unsubscribe from this list: send the line "unsubscribe linux-gpio" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
[patch] gpio: grgpio: off by one in grgpio_to_irq()
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: [patch] gpio: grgpio: off by one in grgpio_to_irq()
- From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
- Date: Wed, 17 Dec 2014 02:53:59 +0300
- User-agent: Mutt/1.5.21 (2010-09-15)
- Follow-Ups:
- Re: [patch] gpio: grgpio: off by one in grgpio_to_irq()
- From: Linus Walleij
- Re: [patch] gpio: grgpio: off by one in grgpio_to_irq()
- From: Alexandre Courbot
- Re: [patch] gpio: grgpio: off by one in grgpio_to_irq()
- Prev by Date: basic-mmio-gpio: add DT support
- Next by Date: Re: [patch] gpio: grgpio: off by one in grgpio_to_irq()
- Previous by thread: basic-mmio-gpio: add DT support
- Next by thread: Re: [patch] gpio: grgpio: off by one in grgpio_to_irq()
- Index(es):
 |