PM / OPP: fix off-by-one bug in dev_pm_opp_get_max_volt_latency loop

Reading array at given index before checking if index is valid results in
illegal memory access.

The bug was detected using KASAN framework.

Signed-off-by: Andrzej Hajda <a.hajda@samsung.com>
Acked-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>

diff --git a/drivers/base/power/opp/core.c b/drivers/base/power/opp/core.c
index 91ec3232d6300420b5ec0ec8b9359c44a9fba994..dae61720b31402be9f666063de5ad7c6361f147a 100644 (file)
--- a/drivers/base/power/opp/core.c
+++ b/drivers/base/power/opp/core.c
@@ -231,7 +231,8 @@ unsigned long dev_pm_opp_get_max_volt_latency(struct device *dev)
         * The caller needs to ensure that opp_table (and hence the regulator)
         * isn't freed, while we are executing this routine.
         */
-       for (i = 0; reg = regulators[i], i < count; i++) {
+       for (i = 0; i < count; i++) {
+               reg = regulators[i];
                ret = regulator_set_voltage_time(reg, uV[i].min, uV[i].max);
                if (ret > 0)
                        latency_ns += ret * 1000;