Before the incrementing of ptr in skip_change_remote_baud,
it points to cur_action, but the increment is done by
the size of nxt_action instead. This could cause ptr
to not point to a bts_action structure, which is
harmful for the increment of ptr done in download_firmware.
Therefore, the skipping is first done for cur_action.
Signed-off-by: Shahar Lev <shahar@wizery.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
pr_err("invalid action after change remote baud command");
} else {
*ptr = *ptr + sizeof(struct bts_action) +
- ((struct bts_action *)nxt_action)->size;
+ ((struct bts_action *)cur_action)->size;
*len = *len - (sizeof(struct bts_action) +
- ((struct bts_action *)nxt_action)->size);
+ ((struct bts_action *)cur_action)->size);
/* warn user on not commenting these in firmware */
pr_warn("skipping the wait event of change remote baud");
}
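Review bot: In the else branch, `((struct bts_action *)cur_action)->size` is added to `*ptr` and subtracted from `*len` without any check, in the lines shown, that `*len` is at least `sizeof(struct bts_action) + size`. If the size field in the firmware script is larger than the remaining data, `*len` goes past zero and `*ptr` ends up beyond the buffer, which is the same class of problem the commit message describes for download_firmware. Consider computing the skip amount once into a local, comparing it against `*len` before adjusting either value, and taking the error path when it does not fit. A local would also keep the two expressions from drifting apart again, which is how the nxt_action/cur_action mix-up could occur in both places. Minor: the `pr_err` and `pr_warn` strings have no trailing `\n`.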