IIO: Documentation: iio_utils: Prevent buffer overflow

The first part of build_channel_array()identifies the number of enabled channels.
Further down this count is used to allocate the ci_array. The next section parses the
scan_elements directory again, and fills ci_array regardless if the channel is enabled or not.
So if less than available channels are enabled ci_array memory is overflowed.

This fix makes sure that we allocate enough memory. But the whole approach looks a bit
cumbersome to me. Why not allocate memory for MAX_CHANNLES, less say 64
(I never seen a part with more than that channels). And skip the first part entirely.

Signed-off-by: Michael Hennerich <michael.hennerich@analog.com>
Acked-by: Jonathan Cameron <jic23@cam.ac.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

drivers/staging/iio/Documentation/iio_utils.h

@@ -290,15 +290,17 @@ inline int build_channel_array(const char *device_dir,
 			fscanf(sysfsfp, "%u", &ret);
 			if (ret == 1)
 				(*counter)++;
+			count++;
 			fclose(sysfsfp);
 			free(filename);
 		}
-	*ci_array = malloc(sizeof(**ci_array)*(*counter));
+	*ci_array = malloc(sizeof(**ci_array)*count);
 	if (*ci_array == NULL) {
 		ret = -ENOMEM;
 		goto error_close_dir;
 	}
 	seekdir(dp, 0);
+	count = 0;
 	while (ent = readdir(dp), ent != NULL) {
 		if (strcmp(ent->d_name + strlen(ent->d_name) - strlen("_en"),
 			   "_en") == 0) {