Input: pcf8574_keypad - fix off by one in pcf8574_kp_irq_handler()
If nextstate == ARRAY_SIZE(lp->btncode), then we read one past the end of
the array on the next line.
This fixes a smatch warning:
drivers/input/misc/pcf8574_keypad.c +74 pcf8574_kp_irq_handler(8)
error: buffer overflow 'lp->btncode' 17 <= 17
Signed-off-by: Dan Carpenter <error27@gmail.com>
Acked-by: Jean Delvare <khali@linux-fr.org>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
diff --git a/drivers/input/misc/pcf8574_keypad.c b/drivers/input/misc/pcf8574_keypad.c
index 5c3ac4e..376e54d 100644
--- a/drivers/input/misc/pcf8574_keypad.c
+++ b/drivers/input/misc/pcf8574_keypad.c
@@ -69,7 +69,7 @@
unsigned char nextstate = read_state(lp);
if (lp->laststate != nextstate) {
- int key_down = nextstate <= ARRAY_SIZE(lp->btncode);
+ int key_down = nextstate < ARRAY_SIZE(lp->btncode);
unsigned short keycode = key_down ?
lp->btncode[nextstate] : lp->btncode[lp->laststate];