A recent change split the insertion loop into two parts. The first part
accessed bytes 0, 1, ... (rxlen - 2), and the second part by mistake
took offset `rxlen` instead of the correct `rxlen - 1`. So one byte was
not stored, and the final access wrote past the end of the rx_buf.
Fixes: 9c12d739d69b (tty: max310x: Split uart characters insertion loop)
Signed-off-by: Jan Kundrát <jan.kundrat@xxxxxxxxx>
---
drivers/tty/serial/max310x.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/tty/serial/max310x.c b/drivers/tty/serial/max310x.c
index e6c48a99bd85..0e0c2740ec7e 100644
--- a/drivers/tty/serial/max310x.c
+++ b/drivers/tty/serial/max310x.c
@@ -689,7 +689,7 @@ static void max310x_handle_rx(struct uart_port *port, unsigned int rxlen)
* tail.
*/
uart_insert_char(port, sts, MAX310X_LSR_RXOVR_BIT,
- one->rx_buf[rxlen], flag);
+ one->rx_buf[rxlen-1], flag);
} else {
if (unlikely(rxlen >= port->fifosize)) {
--
2.21.0
