From c6ea7afb7656ea40265639029fca0ff177ea8414 Mon Sep 17 00:00:00 2001 From: Jef Driesen Date: Mon, 21 Sep 2020 10:29:55 +0200 Subject: [PATCH] Fix a buffer overflow The existing check accepts the number of array elements as a valid index. That's clearly wrong for zero based indexing, and would result in a buffer overflow. --- src/liquivision_lynx_parser.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/liquivision_lynx_parser.c b/src/liquivision_lynx_parser.c index 8489a50..ca41e21 100644 --- a/src/liquivision_lynx_parser.c +++ b/src/liquivision_lynx_parser.c @@ -333,7 +333,7 @@ liquivision_lynx_parser_samples_foreach (dc_parser_t *abstract, dc_sample_callba // Get the sample interval. unsigned int interval_idx = data[39]; const unsigned int intervals[] = {1, 2, 5, 10, 30, 60}; - if (interval_idx > C_ARRAY_SIZE(intervals)) { + if (interval_idx >= C_ARRAY_SIZE(intervals)) { ERROR (abstract->context, "Invalid sample interval index %u", interval_idx); return DC_STATUS_DATAFORMAT; }