usb: musb: avoid out of bound access in udc_setup_ep

For id = 15 an out of bound access occurs in udc_setup_ep().
Increase the size of epinfo[] from 30 to 32 to encompass
ids 0..15.

The problem was highlighted by cppcheck.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

diff --git a/drivers/usb/musb/musb_udc.c b/drivers/usb/musb/musb_udc.c
index 87640f4..d643334 100644 (file)
--- a/drivers/usb/musb/musb_udc.c
+++ b/drivers/usb/musb/musb_udc.c
@@ -85,7 +85,7 @@ do {                                                                  \
 /* static implies these initialized to 0 or NULL */
 static int debug_setup;
 static int debug_level;
-static struct musb_epinfo epinfo[MAX_ENDPOINT * 2];
+static struct musb_epinfo epinfo[MAX_ENDPOINT * 2 + 2];
 static enum ep0_state_enum {
        IDLE = 0,
        TX,
@@ -944,7 +944,7 @@ int udc_init(void)
        musbr = musb_cfg.regs;
 
        /* Initialize the endpoints */
-       for (ep_loop = 0; ep_loop < MAX_ENDPOINT * 2; ep_loop++) {
+       for (ep_loop = 0; ep_loop <= MAX_ENDPOINT * 2; ep_loop++) {
                epinfo[ep_loop].epnum = (ep_loop / 2) + 1;
                epinfo[ep_loop].epdir = ep_loop % 2; /* OUT, IN */
                epinfo[ep_loop].epsize = 0;