HID: playstation: fix array size comparison (off-by-one)

The comparison of value with the array size ps_gamepad_hat_mapping
appears to be off-by-one. Fix this by using >= rather than > for the
size comparison.

Addresses-Coverity: ("Out-of-bounds read")
Fixes: bc2e15a9a022 ("HID: playstation: initial DualSense USB support.")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>

diff --git a/drivers/hid/hid-playstation.c b/drivers/hid/hid-playstation.c
index f279064..3b6f421 100644 (file)
--- a/drivers/hid/hid-playstation.c
+++ b/drivers/hid/hid-playstation.c
@@ -845,7 +845,7 @@ static int dualsense_parse_report(struct ps_device *ps_dev, struct hid_report *r
        input_report_abs(ds->gamepad, ABS_RZ, ds_report->rz);
 
        value = ds_report->buttons[0] & DS_BUTTONS0_HAT_SWITCH;
-       if (value > ARRAY_SIZE(ps_gamepad_hat_mapping))
+       if (value >= ARRAY_SIZE(ps_gamepad_hat_mapping))
                value = 8; /* center */
        input_report_abs(ds->gamepad, ABS_HAT0X, ps_gamepad_hat_mapping[value].x);
        input_report_abs(ds->gamepad, ABS_HAT0Y, ps_gamepad_hat_mapping[value].y);