From d3c2155ce5889731de5d18c53f7fbde2d1b87e00 Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Wed, 17 Dec 2014 02:53:59 +0300 Subject: [PATCH] gpio: grgpio: off by one in grgpio_to_irq() "gc->ngpio" is a number between 1 and GRGPIO_MAX_NGPIO. If "offset" is GRGPIO_MAX_NGPIO then we're going one step beyond the end of the priv->lirqs[] array. Signed-off-by: Dan Carpenter Reviewed-by: Alexandre Courbot Signed-off-by: Linus Walleij --- drivers/gpio/gpio-grgpio.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpio/gpio-grgpio.c b/drivers/gpio/gpio-grgpio.c index 09daaf2aeb56..d5bc70fce4df 100644 --- a/drivers/gpio/gpio-grgpio.c +++ b/drivers/gpio/gpio-grgpio.c @@ -121,7 +121,7 @@ static int grgpio_to_irq(struct gpio_chip *gc, unsigned offset) { struct grgpio_priv *priv = grgpio_gc_to_priv(gc); - if (offset > gc->ngpio) + if (offset >= gc->ngpio) return -ENXIO; if (priv->lirqs[offset].index < 0)