From 4bcd9eae731083bb724faf68cce6021213308333 Mon Sep 17 00:00:00 2001 From: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Date: Thu, 21 Nov 2019 16:02:07 +0200 Subject: [PATCH] fbtft: Fix the initialization from property algorithm When converting to device property API the commit 8b2d3aeeb7ec ("fbtft: Make use of device property API") mistakenly placed the reading of the first value inside the loop, that jumps over value after initialization sequence or sleep commands. Move the above mentioned reading outside of the loop to restore correct behaviour. Besides that, we are using pre-increment operation which may lead to out of the boundary access at the end of sequence. Thus, allocate buffer with an additional element at the end to prevent out of the boundary access. Fixes: 8b2d3aeeb7ec ("fbtft: Make use of device property API") Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Link: https://lore.kernel.org/r/20191121140207.65089-1-andriy.shevchenko@linux.intel.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> --- drivers/staging/fbtft/fbtft-core.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/staging/fbtft/fbtft-core.c b/drivers/staging/fbtft/fbtft-core.c index ffb84987dd86..d3e098b41b1a 100644 --- a/drivers/staging/fbtft/fbtft-core.c +++ b/drivers/staging/fbtft/fbtft-core.c @@ -913,7 +913,7 @@ static int fbtft_init_display_from_property(struct fbtft_par *par) if (count == 0) return -EINVAL; - values = kmalloc_array(count, sizeof(*values), GFP_KERNEL); + values = kmalloc_array(count + 1, sizeof(*values), GFP_KERNEL); if (!values) return -ENOMEM; @@ -926,9 +926,9 @@ static int fbtft_init_display_from_property(struct fbtft_par *par) gpiod_set_value(par->gpio.cs, 0); /* Activate chip */ index = -1; - while (index < count) { - val = values[++index]; + val = values[++index]; + while (index < count) { if (val & FBTFT_OF_INIT_CMD) { val &= 0xFFFF; i = 0;