Accessing le_states_desc_table array with value 15 can cause
out-of-bound read because current size of array is 14.
Currently this cannot lead to any problems becase we do no have such
state in le_states_comb_table but this could be changed in future and
raise described problem.
Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.
---
monitor/packet.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/monitor/packet.c b/monitor/packet.c
index b7431b57d..15d629e2d 100644
--- a/monitor/packet.c
+++ b/monitor/packet.c
@@ -2816,7 +2816,8 @@ static const struct {
static void print_le_states(const uint8_t *states_array)
{
uint64_t mask, states = 0;
- int i, n;
+ int i = 0;
+ size_t n = 0;
for (i = 0; i < 8; i++)
states |= ((uint64_t) states_array[i]) << (i * 8);
@@ -2833,7 +2834,7 @@ static void print_le_states(const uint8_t *states_array)
if (!(states & val))
continue;
- for (n = 0; n < 16; n++) {
+ for (n = 0; n < ARRAY_SIZE(le_states_desc_table); n++) {
if (le_states_comb_table[i].states & (1 << n))
str[num++] = le_states_desc_table[n].str;
}
--
2.35.1
