input: touchscreen: mms128: fix allocation size for conf data

The data in config_fw has header, data blocks and end block. The
data count in the config_fw is the number of data blocks except
end block. Without considering end block, this causes buffer
overflow. So this patch fixes allocation size considering end block.

Change-Id: I053e251a21ba8befb03a1db233e4e2d9dbf1b795
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>

diff --git a/drivers/input/touchscreen/mms128.c b/drivers/input/touchscreen/mms128.c
index 7bcb3ba..24248f4 100644 (file)
--- a/drivers/input/touchscreen/mms128.c
+++ b/drivers/input/touchscreen/mms128.c
@@ -474,7 +474,8 @@ static void mms_config_set(void *context)
        }
 
        offset = conf_hdr->data_offset;
-       conf_item = kzalloc(sizeof(*conf_item)*conf_hdr->data_count,GFP_KERNEL);
+       conf_item = kzalloc(sizeof(*conf_item) * (conf_hdr->data_count + 1),
+                       GFP_KERNEL);
 
        for (i=0 ;; i++ , offset += MMS_MFSP_OFFSET)
        {