You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nuttx.apache.org by xi...@apache.org on 2022/10/21 08:31:18 UTC
[incubator-nuttx-apps] 01/02: netlib_getarptab: fix codechecker high level issue
This is an automated email from the ASF dual-hosted git repository.
xiaoxiang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-nuttx-apps.git
commit cfb64cffb165eef61336cb8530ebeffd74aded77
Author: zhanghongyu <zh...@xiaomi.com>
AuthorDate: Wed Oct 12 17:28:56 2022 +0800
netlib_getarptab: fix codechecker high level issue
197: paysize = RTA_PAYLOAD(&resp->attr);
198: if (paysize > maxsize)
199: {
200: paysize = maxsize;
201: }
202:
203: memcpy(arptab, resp->data, paysize);
Memory copy function accesses out-of-bound array element
Signed-off-by: zhanghongyu <zh...@xiaomi.com>
---
netutils/netlib/netlib_getarptab.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/netutils/netlib/netlib_getarptab.c b/netutils/netlib/netlib_getarptab.c
index ad2b0c9d1..477f1b487 100644
--- a/netutils/netlib/netlib_getarptab.c
+++ b/netutils/netlib/netlib_getarptab.c
@@ -99,7 +99,7 @@ ssize_t netlib_get_arptable(FAR struct arp_entry_s *arptab,
/* Pre-allocate a buffer to hold the response */
- maxsize = CONFIG_NET_ARPTAB_SIZE * sizeof(struct arp_entry_s);
+ maxsize = nentries * sizeof(struct arp_entry_s);
allocsize = SIZEOF_NETLIB_RECVFROM_RESPONSE_S(maxsize);
resp = (FAR struct netlib_recvfrom_response_s *)malloc(allocsize);
if (resp == NULL)