From: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
Date: Wed, 29 Apr 2015 12:33:02 +0000 (-0300)
Subject: [media] qt1010: avoid going past array
X-Git-Tag: firefly_0821_release~176^2~795^2~952
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=4682b58e5af01ee856a706083eac71238fb69cd0;p=firefly-linux-kernel-4.4.55.git

[media] qt1010: avoid going past array

As reported by smatch:
	drivers/media/tuners/qt1010.c:357 qt1010_init() error: buffer overflow 'i2c_data' 34 <= 34

This should not happen with the current code, as the i2c_data array
doesn't end with a QT1010_M1, but it doesn't hurt add a BUG_ON
to notify if one modifies it and breaks.

Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
---

diff --git a/drivers/media/tuners/qt1010.c b/drivers/media/tuners/qt1010.c
index 74b6b17cdbaf..ae8cbece6d2b 100644
--- a/drivers/media/tuners/qt1010.c
+++ b/drivers/media/tuners/qt1010.c
@@ -354,13 +354,17 @@ static int qt1010_init(struct dvb_frontend *fe)
 				valptr = &priv->reg1f_init_val;
 			else
 				valptr = &tmpval;
+
+			BUG_ON(i >= ARRAY_SIZE(i2c_data) - 1);
+
 			err = qt1010_init_meas1(priv, i2c_data[i+1].reg,
 						i2c_data[i].reg,
 						i2c_data[i].val, valptr);
 			i++;
 			break;
 		}
-		if (err) return err;
+		if (err)
+			return err;
 	}
 
 	for (i = 0x31; i < 0x3a; i++) /* 0x31 - 0x39 */