| Message ID | 89e5bc8de1ae960f10bd5ea465e7e4f7c6b8812a.1430348725.git.mchehab@osg.samsung.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
diff --git a/drivers/media/tuners/qt1010.c b/drivers/media/tuners/qt1010.c index 74b6b17cdbaf..ae8cbece6d2b 100644 --- a/drivers/media/tuners/qt1010.c +++ b/drivers/media/tuners/qt1010.c @@ -354,13 +354,17 @@ static int qt1010_init(struct dvb_frontend *fe) valptr = &priv->reg1f_init_val; else valptr = &tmpval; + + BUG_ON(i >= ARRAY_SIZE(i2c_data) - 1); + err = qt1010_init_meas1(priv, i2c_data[i+1].reg, i2c_data[i].reg, i2c_data[i].val, valptr); i++; break; } - if (err) return err; + if (err) + return err; } for (i = 0x31; i < 0x3a; i++) /* 0x31 - 0x39 */
As reported by smatch: drivers/media/tuners/qt1010.c:357 qt1010_init() error: buffer overflow 'i2c_data' 34 <= 34 This should not happen with the current code, as the i2c_data array doesn't end with a QT1010_M1, but it doesn't hurt add a BUG_ON to notify if one modifies it and breaks. Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>