[NIU]: Fix write past end of array in niu_pci_probe_sprom().

Noticed by Coverity checker and reported by Adrian Bunk.

Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/drivers/net/niu.c b/drivers/net/niu.c
index 43bfe7e6b6f5c0c167885460c2a55871066b10ea..54166bdeae96b69265521a4567e1ab6fd2001b91 100644 (file)
--- a/drivers/net/niu.c
+++ b/drivers/net/niu.c
@@ -6213,7 +6213,7 @@ static int __devinit niu_pci_probe_sprom(struct niu *np)
        val = nr64(ESPC_MOD_STR_LEN);
        niudbg(PROBE, "SPROM: MOD_STR_LEN[%llu]\n",
               (unsigned long long) val);
-       if (val > 8 * 4)
+       if (val >= 8 * 4)
                return -EINVAL;
 
        for (i = 0; i < val; i += 4) {
@@ -6229,7 +6229,7 @@ static int __devinit niu_pci_probe_sprom(struct niu *np)
        val = nr64(ESPC_BD_MOD_STR_LEN);
        niudbg(PROBE, "SPROM: BD_MOD_STR_LEN[%llu]\n",
               (unsigned long long) val);
-       if (val > 4 * 4)
+       if (val >= 4 * 4)
                return -EINVAL;
 
        for (i = 0; i < val; i += 4) {