You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@nuttx.apache.org by xi...@apache.org on 2022/10/21 08:31:18 UTC

[incubator-nuttx-apps] 01/02: netlib_getarptab: fix codechecker high level issue

This is an automated email from the ASF dual-hosted git repository.

xiaoxiang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-nuttx-apps.git

commit cfb64cffb165eef61336cb8530ebeffd74aded77
Author: zhanghongyu <zh...@xiaomi.com>
AuthorDate: Wed Oct 12 17:28:56 2022 +0800

    netlib_getarptab: fix codechecker high level issue
    
    197:  paysize = RTA_PAYLOAD(&resp->attr);
    198:  if (paysize > maxsize)
    199:    {
    200:      paysize = maxsize;
    201:    }
    202:
    203:  memcpy(arptab, resp->data, paysize);
    
    Memory copy function accesses out-of-bound array element
    
    Signed-off-by: zhanghongyu <zh...@xiaomi.com>
---
 netutils/netlib/netlib_getarptab.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/netutils/netlib/netlib_getarptab.c b/netutils/netlib/netlib_getarptab.c
index ad2b0c9d1..477f1b487 100644
--- a/netutils/netlib/netlib_getarptab.c
+++ b/netutils/netlib/netlib_getarptab.c
@@ -99,7 +99,7 @@ ssize_t netlib_get_arptable(FAR struct arp_entry_s *arptab,
 
   /* Pre-allocate a buffer to hold the response */
 
-  maxsize   = CONFIG_NET_ARPTAB_SIZE * sizeof(struct arp_entry_s);
+  maxsize   = nentries * sizeof(struct arp_entry_s);
   allocsize = SIZEOF_NETLIB_RECVFROM_RESPONSE_S(maxsize);
   resp = (FAR struct netlib_recvfrom_response_s *)malloc(allocsize);
   if (resp == NULL)