@@ -913,7 +913,7 @@ static int fbtft_init_display_from_property(struct fbtft_par *par)
if (count == 0)
return -EINVAL;
- values = kmalloc_array(count, sizeof(*values), GFP_KERNEL);
+ values = kmalloc_array(count + 1, sizeof(*values), GFP_KERNEL);
if (!values)
return -ENOMEM;
@@ -926,9 +926,9 @@ static int fbtft_init_display_from_property(struct fbtft_par *par)
gpiod_set_value(par->gpio.cs, 0); /* Activate chip */
index = -1;
- while (index < count) {
- val = values[++index];
+ val = values[++index];
+ while (index < count) {
if (val & FBTFT_OF_INIT_CMD) {
val &= 0xFFFF;
i = 0;
When converting to device property API the commit 8b2d3aeeb7ec ("fbtft: Make use of device property API") mistakenly placed the reading of the first value inside the loop, that jumps over value after initialization sequence or sleep commands. Move the above mentioned reading outside of the loop to restore correct behaviour. Besides that, we are using pre-increment operation which may lead to out of the boundary access at the end of sequence. Thus, allocate buffer with an additional element at the end to prevent out of the boundary access. Fixes: 8b2d3aeeb7ec ("fbtft: Make use of device property API") Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> --- drivers/staging/fbtft/fbtft-core.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)