Accessing le_states_desc_table array with value 15 can cause out-of-bound read because current size of array is 14. Currently this cannot lead to any problems becase we do no have such state in le_states_comb_table but this could be changed in future and raise described problem. Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool. --- monitor/packet.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/monitor/packet.c b/monitor/packet.c index b7431b57d..1f04063d3 100644 --- a/monitor/packet.c +++ b/monitor/packet.c @@ -2816,7 +2816,8 @@ static const struct { static void print_le_states(const uint8_t *states_array) { uint64_t mask, states = 0; - int i, n; + int i = 0; + size_t n = 0; for (i = 0; i < 8; i++) states |= ((uint64_t) states_array[i]) << (i * 8); @@ -2828,12 +2829,12 @@ static void print_le_states(const uint8_t *states_array) for (i = 0; le_states_comb_table[i].states; i++) { uint64_t val = (((uint64_t) 1) << le_states_comb_table[i].bit); const char *str[3] = { NULL, }; - int num = 0; + size_t num = 0; if (!(states & val)) continue; - for (n = 0; n < 16; n++) { + for (n = 0; n < ARRAY_SIZE(le_states_desc_table); n++) { if (le_states_comb_table[i].states & (1 << n)) str[num++] = le_states_desc_table[n].str; } -- 2.35.1