As reported by smatch:
	drivers/media/tuners/qt1010.c:357 qt1010_init() error: buffer overflow 'i2c_data' 34 <= 34

This should not happen with the current code, as the i2c_data array doesn't end with a QT1010_M1, but it doesn't hurt to add a BUG_ON to notify if one modifies it and breaks.

Signed-off-by: Mauro Carvalho Chehab <mchehab@xxxxxxxxxxxxxxx>

diff --git a/drivers/media/tuners/qt1010.c b/drivers/media/tuners/qt1010.c index 74b6b17cdbaf..ae8cbece6d2b 100644 --- a/drivers/media/tuners/qt1010.c +++ b/drivers/media/tuners/qt1010.c @@ -354,13 +354,17 @@ static int qt1010_init(struct dvb_frontend *fe) valptr = &priv->reg1f_init_val; else valptr = &tmpval; + + BUG_ON(i >= ARRAY_SIZE(i2c_data) - 1); + err = qt1010_init_meas1(priv, i2c_data[i+1].reg, i2c_data[i].reg, i2c_data[i].val, valptr); i++; break; } - if (err) return err; + if (err) + return err; } for (i = 0x31; i < 0x3a; i++) /* 0x31 - 0x39 */
-- 2.1.0
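
Review bot: the BUG_ON(i >= ARRAY_SIZE(i2c_data) - 1) added ahead of the qt1010_init_meas1() call in qt1010_init() raises a kernel BUG for a condition that this function can report through its existing int return value. The bound is the right one for the i2c_data[i+1].reg read that follows, but since the commit message says the check exists only to flag a future bad edit of the table, a warning plus an error return, for example "if (WARN_ON(i >= ARRAY_SIZE(i2c_data) - 1)) return -EINVAL;", gives the same notice and still prevents the out-of-bounds read without making a tuner init mistake fatal. The "if (err) return err;" split in the same hunk is a whitespace cleanup unrelated to the smatch report and not mentioned in the commit message; it would be better as a separate patch or noted in the log.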