mesh: Avoid accessing array out-of-bounds We would boundary check the expected_pdu_size array based on the value of type, but would still access it out-of-bounds for the debug message. Split off the invalid type check into its own message to avoid this. Error: OVERRUN (CWE-119): [#def23] [important] mesh/prov-initiator.c:676:2: cond_at_least: Checking "type >= 10UL" implies that "type" is at least 10 on the true branch. mesh/prov-initiator.c:678:3: overrun-local: Overrunning array "expected_pdu_size" of 10 2-byte elements at element index 10 (byte offset 21) using index "type" (which evaluates to 10). 676| if (type >= L_ARRAY_SIZE(expected_pdu_size) || 677| len != expected_pdu_size[type]) { 678|-> l_error("Expected PDU size %d, Got %d (type: %2.2x)", 679| expected_pdu_size[type], len, type); 680| fail_code[1] = PROV_ERR_INVALID_FORMAT;

Diffstat

1 files changed, 7 insertions(+), 2 deletions(-)