Google Git
Sign in
linux / linux / kernel / git / dtor / input / refs/heads/for-linus
commit248d3a73a0167dce15ba100477c3e778c4787178[log] [tgz]
authorJunjie Cao <junjie.cao@intel.com>Thu Dec 18 21:56:59 2025 -0800
committerDmitry Torokhov <dmitry.torokhov@gmail.com>Thu Dec 18 22:00:07 2025 -0800
treea60d793d212257d1fcdae26192f92421d6e105bd
parent806ec7b797adc1cc9b11535307638a55ddfb873c [diff]
Input: ti_am335x_tsc - fix off-by-one error in wire_order validation

The current validation 'wire_order[i] > ARRAY_SIZE(config_pins)' allows
wire_order[i] to equal ARRAY_SIZE(config_pins), which causes out-of-bounds
access when used as index in 'config_pins[wire_order[i]]'.

Since config_pins has 4 elements (indices 0-3), the valid range for
wire_order should be 0-3. Fix the off-by-one error by using >= instead
of > in the validation check.

Signed-off-by: Junjie Cao <junjie.cao@intel.com>
Link: https://patch.msgid.link/20251114062817.852698-1-junjie.cao@intel.com
Fixes: bb76dc09ddfc ("input: ti_am33x_tsc: Order of TSC wires, made configurable")
Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
1 file changed
tree: a60d793d212257d1fcdae26192f92421d6e105bd
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. fs/
  8. include/
  9. init/
  10. io_uring/
  11. ipc/
  12. kernel/
  13. lib/
  14. LICENSES/
  15. mm/
  16. net/
  17. rust/
  18. samples/
  19. scripts/
  20. security/
  21. sound/
  22. tools/
  23. usr/
  24. virt/
  25. .clang-format
  26. .clippy.toml
  27. .cocciconfig
  28. .editorconfig
  29. .get_maintainer.ignore
  30. .gitattributes
  31. .gitignore
  32. .mailmap
  33. .pylintrc
  34. .rustfmt.toml
  35. COPYING
  36. CREDITS
  37. Kbuild
  38. Kconfig
  39. MAINTAINERS
  40. Makefile
  41. README