Bluetooth: btmtk: remove extra copy in cmd array init

In btmtk_setup_firmware_79xx, the data length indicated by wmt_params.dlen
in the cmd buffer is MTK_SEC_MAP_NEED_SEND_SIZE + 1. Except for the first
byte, the remaining length is MTK_SEC_MAP_NEED_SEND_SIZE. memcpy copied one
more byte to cmd + 1 than the remaining length. Align the length passed to
memcpy to avoid exceeding current section map.

Signed-off-by: Jiajia Liu <liujiajia@kylinos.cn>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

diff --git a/drivers/bluetooth/btmtk.c b/drivers/bluetooth/btmtk.c
index ea7a031000cd8f7fb8acfe31d7c7019b10654d63..53cba71cb07f5f0cbf25be07d5e89493eda4f796 100644 (file)
--- a/drivers/bluetooth/btmtk.c
+++ b/drivers/bluetooth/btmtk.c
@@ -188,7 +188,7 @@ int btmtk_setup_firmware_79xx(struct hci_dev *hdev, const char *fwname,
                                       MTK_FW_ROM_PATCH_GD_SIZE +
                                       MTK_FW_ROM_PATCH_SEC_MAP_SIZE * i +
                                       MTK_SEC_MAP_COMMON_SIZE,
-                                      MTK_SEC_MAP_NEED_SEND_SIZE + 1);
+                                      MTK_SEC_MAP_NEED_SEND_SIZE);
 
                                wmt_params.op = BTMTK_WMT_PATCH_DWNLD;
                                wmt_params.status = &status;