From 0b2959d8c707888c94f22ad42e0e8acf1257f7d5 Mon Sep 17 00:00:00 2001
From: Jef Driesen <jef@libdivecomputer.org>
Date: Fri, 12 Oct 2018 09:42:26 +0200
Subject: [PATCH] Fix a potential buffer overflow

Check whether there is space available for a complete sample, and not
just a single byte!
---
 src/shearwater_predator_parser.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/shearwater_predator_parser.c b/src/shearwater_predator_parser.c
index dd9992a..f6a7b1d 100644
--- a/src/shearwater_predator_parser.c
+++ b/src/shearwater_predator_parser.c
@@ -264,7 +264,7 @@ shearwater_predator_parser_cache (shearwater_predator_parser_t *parser)
 
 	unsigned int offset = headersize;
 	unsigned int length = size - footersize;
-	while (offset < length) {
+	while (offset + parser->samplesize <= length) {
 		// Ignore empty samples.
 		if (array_isequal (data + offset, parser->samplesize, 0x00)) {
 			offset += parser->samplesize;
@@ -440,7 +440,7 @@ shearwater_predator_parser_samples_foreach (dc_parser_t *abstract, dc_sample_cal
 	unsigned int time = 0;
 	unsigned int offset = parser->headersize;
 	unsigned int length = size - parser->footersize;
-	while (offset < length) {
+	while (offset + parser->samplesize <= length) {
 		dc_sample_value_t sample = {0};
 
 		// Ignore empty samples.