From: Gerhard Sittig Date: Sun, 16 Oct 2016 16:25:19 +0000 (+0200) Subject: asix-sigma: fix out-of-range access to the samplerates[] array X-Git-Tag: libsigrok-0.5.0~209 X-Git-Url: https://sigrok.org/gitweb/?p=libsigrok.git;a=commitdiff_plain;h=4154a516de818ace3aabfe5e44cf4c81986074e7 asix-sigma: fix out-of-range access to the samplerates[] array Commit 2c9c0df86eaf removed the sentinel from the samplerates[] array, but did not adjust the test which checked whether a rate is listed in the set of supported rates. This could result in an out-of-range access beyond the array's last item. Fix the "listed?" check after iterating the table of supported rates. Cope with either presence or absence of a sentinel in the array. Address some more style nits while we are here. Rename an identifier for a local variable which unintentionally might suggest that it would be a preprocessor macro (all-caps). Reduce redundancy in data type references as well as in the determination of the array size. Signed-off-by: Gerhard Sittig --- diff --git a/src/hardware/asix-sigma/api.c b/src/hardware/asix-sigma/api.c index d4209988..c4e4027c 100644 --- a/src/hardware/asix-sigma/api.c +++ b/src/hardware/asix-sigma/api.c @@ -259,7 +259,7 @@ static int config_list(uint32_t key, GVariant **data, const struct sr_dev_inst * case SR_CONF_SAMPLERATE: g_variant_builder_init(&gvb, G_VARIANT_TYPE("a{sv}")); gvar = g_variant_new_fixed_array(G_VARIANT_TYPE("t"), samplerates, - SAMPLERATES_COUNT, sizeof(uint64_t)); + samplerates_count, sizeof(samplerates[0])); g_variant_builder_add(&gvb, "{sv}", "samplerates", gvar); *data = g_variant_builder_end(&gvb); break; diff --git a/src/hardware/asix-sigma/protocol.c b/src/hardware/asix-sigma/protocol.c index f17a9623..b23b26ff 100644 --- a/src/hardware/asix-sigma/protocol.c +++ b/src/hardware/asix-sigma/protocol.c @@ -51,7 +51,7 @@ SR_PRIV const uint64_t samplerates[] = { SR_MHZ(200), /* Special FW needed */ }; -SR_PRIV const int SAMPLERATES_COUNT = ARRAY_SIZE(samplerates); +SR_PRIV const size_t samplerates_count = ARRAY_SIZE(samplerates); static const char sigma_firmware_files[][24] = { /* 50 MHz, supports 8 bit fractions */ @@ -523,18 +523,18 @@ SR_PRIV int sigma_set_samplerate(const struct sr_dev_inst *sdi, uint64_t sampler { struct dev_context *devc; struct drv_context *drvc; - unsigned int i; + size_t i; int ret; devc = sdi->priv; drvc = sdi->driver->context; ret = SR_OK; - for (i = 0; i < ARRAY_SIZE(samplerates); i++) { + for (i = 0; i < samplerates_count; i++) { if (samplerates[i] == samplerate) break; } - if (samplerates[i] == 0) + if (i >= samplerates_count || samplerates[i] == 0) return SR_ERR_SAMPLERATE; if (samplerate <= SR_MHZ(50)) { diff --git a/src/hardware/asix-sigma/protocol.h b/src/hardware/asix-sigma/protocol.h index 9a2e5fc6..cbacb671 100644 --- a/src/hardware/asix-sigma/protocol.h +++ b/src/hardware/asix-sigma/protocol.h @@ -23,6 +23,7 @@ #define LIBSIGROK_HARDWARE_ASIX_SIGMA_PROTOCOL_H #include +#include #include #include #include @@ -221,7 +222,7 @@ struct dev_context { }; extern SR_PRIV const uint64_t samplerates[]; -extern SR_PRIV const int SAMPLERATES_COUNT; +extern SR_PRIV const size_t samplerates_count; SR_PRIV int sigma_write_register(uint8_t reg, uint8_t *data, size_t len, struct dev_context *devc);