media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init

stable inclusion
from stable-v4.19.247
commit a3660e06675bccec4bf149c7229ea1d491ba10d7
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBP6VC
CVE: CVE-2022-49478

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=a3660e06675bccec4bf149c7229ea1d491ba10d7



--------------------------------

[ Upstream commit 471bec68 ]

Syzbot reported that -1 is used as array index. The problem was in
missing validation check.

hdw->unit_number is initialized with -1 and then if init table walk fails
this value remains unchanged. Since code blindly uses this member for
array indexing adding sanity check is the easiest fix for that.

hdw->workpoll initialization moved upper to prevent warning in
__flush_work.

Reported-and-tested-by:  <syzbot+1a247e36149ffd709a9b@syzkaller.appspotmail.com>

Fixes: d855497e ("V4L/DVB (4228a): pvrusb2 to kernel 2.6.18")
Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Gu Bowen <gubowen5@huawei.com>