Accessing le_states_desc_table array with value 15 can cause
out-of-bound read because current size of array is 14.
Currently this cannot lead to any problems becase we do no have such
state in le_states_comb_table but this could be changed in future and
raise described problem.
Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.
---
monitor/packet.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/monitor/packet.c b/monitor/packet.c
index b7431b57d..c61d6bd4b 100644
--- a/monitor/packet.c
+++ b/monitor/packet.c
@@ -2833,7 +2833,7 @@ static void print_le_states(const uint8_t *states_array)
if (!(states & val))
continue;
- for (n = 0; n < 16; n++) {
+ for (n = 0; n < ARRAY_SIZE(le_states_desc_table); n++) {
if (le_states_comb_table[i].states & (1 << n))
str[num++] = le_states_desc_table[n].str;
}
--
2.34.0
