From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Tue, 16 Dec 2014 23:53:59 +0000 (+0300)
Subject: gpio: grgpio: off by one in grgpio_to_irq()
X-Git-Tag: v4.0-rc1~123^2~48
X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=commitdiff_plain;h=d3c2155ce5889731de5d18c53f7fbde2d1b87e00;p=linux.git

gpio: grgpio: off by one in grgpio_to_irq()

"gc->ngpio" is a number between 1 and GRGPIO_MAX_NGPIO.  If "offset" is
GRGPIO_MAX_NGPIO then we're going one step beyond the end of the
priv->lirqs[] array.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Alexandre Courbot <acourbot@nvidia.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
---

diff --git a/drivers/gpio/gpio-grgpio.c b/drivers/gpio/gpio-grgpio.c
index 09daaf2aeb56..d5bc70fce4df 100644
--- a/drivers/gpio/gpio-grgpio.c
+++ b/drivers/gpio/gpio-grgpio.c
@@ -121,7 +121,7 @@ static int grgpio_to_irq(struct gpio_chip *gc, unsigned offset)
 {
 	struct grgpio_priv *priv = grgpio_gc_to_priv(gc);
 
-	if (offset > gc->ngpio)
+	if (offset >= gc->ngpio)
 		return -ENXIO;
 
 	if (priv->lirqs[offset].index < 0)