From fdc95e89441ba6f2d39f5f6f3e2ac20933245b8d Mon Sep 17 00:00:00 2001
From: Eugene Syromiatnikov <esyr@redhat.com>
Date: Thu, 20 Dec 2018 16:35:27 +0100
Subject: [PATCH 06/27] evdev: fix off-by-one error in decode_bitset

* evdev.c (decode_bitset): Decrement sorted/indexed xlat's size by one
in order to account for guarding XLAT_END, as other sorted/indexed xlat
wrappers do.

Fixes: v4.23~261 "evdev: support various types of xlats in decode_bitset"
---
 evdev.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/evdev.c b/evdev.c
index cae2ef1..957d0e2 100644
--- a/evdev.c
+++ b/evdev.c
@@ -208,7 +208,7 @@ decode_bitset_(struct tcb *const tcp, const kernel_ulong_t arg,
 
 #define decode_bitset(tcp_, arg_, decode_nr_, max_nr_, dflt_, xt_) \
 	decode_bitset_((tcp_), (arg_), (decode_nr_), (max_nr_), \
-		       (dflt_), ARRAY_SIZE(decode_nr_), (xt_))
+		       (dflt_), ARRAY_SIZE(decode_nr_) - 1, (xt_))
 
 # ifdef EVIOCGMTSLOTS
 static int
-- 
2.1.4