From 8f7fde8d6a7fb03ba7c40fe9538915254f7b2d9d Mon Sep 17 00:00:00 2001
From: Larry Finger <Larry.Finger@lwfinger.net>
Date: Thu, 5 Sep 2013 12:08:39 -0500
Subject: [PATCH] rtl8188eu: Fix smatch warnings in core/rtw_efuse.c

Smatch reports the following warnings:

  CHECK   /home/finger/rtl8188eu/core/rtw_efuse.c
/home/finger/rtl8188eu/core/rtw_efuse.c:646 rtw_efuse_map_write() error: buffer overflow 'newdata' 8 <= 8
/home/finger/rtl8188eu/core/rtw_efuse.c:655 rtw_efuse_map_write() error: buffer overflow 'newdata' 8 <= 8
/home/finger/rtl8188eu/core/rtw_efuse.c:738 rtw_BT_efuse_map_write() error: buffer overflow 'newdata' 8 <= 8
/home/finger/rtl8188eu/core/rtw_efuse.c:747 rtw_BT_efuse_map_write() error: buffer overflow 'newdata' 8 <= 8

These are due to an off-by-one error in an array size.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
---
 core/rtw_efuse.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/core/rtw_efuse.c b/core/rtw_efuse.c
index 327e343..764b045 100644
--- a/core/rtw_efuse.c
+++ b/core/rtw_efuse.c
@@ -599,7 +599,7 @@ u8 rtw_efuse_map_write(struct adapter *padapter, u16 addr, u16 cnts, u8 *data)
 {
 	u8 offset, word_en;
 	u8 *map;
-	u8 newdata[PGPKT_DATA_SIZE];
+	u8 newdata[PGPKT_DATA_SIZE + 1];
 	s32	i, idx;
 	u8 ret = _SUCCESS;
 	u16 mapLen = 0;
@@ -691,7 +691,7 @@ u8 rtw_BT_efuse_map_write(struct adapter *padapter, u16 addr, u16 cnts, u8 *data
 {
 	u8 offset, word_en;
 	u8 *map;
-	u8 newdata[PGPKT_DATA_SIZE];
+	u8 newdata[PGPKT_DATA_SIZE + 1];
 	s32	i, idx;
 	u8 ret = _SUCCESS;
 	u16 mapLen = 0;