crewID/libnfc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Changing conditions to avoid Coverity to complain in artificial situations

Browse source 
CID 1090331 (#1 of 1): Out-of-bounds access (OVERRUN)
11. overrun-buffer-arg: Overrunning array "pnti->nai.abtUid" of 10 bytes by passing it to a function which accesses it at byte offset 11 using argument "pnti->nai.szUidLen" (which evaluates to 12).
This commit is contained in:
Philippe Teuwen 2013-09-20 00:13:21 +02:00
parent a5e7dec797
commit ddf58f2d69
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
libnfc/chips/pn53x.c
View file

@ -503,7 +503,8 @@ pn53x_decode_target_data(const uint8_t *pbtRawData, size_t szRawData, pn53x_type
if ((pnti->nai.szUidLen == 8) && (pbtUid[0] == 0x88)) {
pnti->nai.szUidLen = 7;
memcpy(pnti->nai.abtUid, pbtUid + 1, 7);
} else if ((pnti->nai.szUidLen == 12) && (pbtUid[0] == 0x88) && (pbtUid[4] == 0x88)) {
// } else if ((pnti->nai.szUidLen == 12) && (pbtUid[0] == 0x88) && (pbtUid[4] == 0x88)) {
} else if (pnti->nai.szUidLen > 10) {
pnti->nai.szUidLen = 10;
memcpy(pnti->nai.abtUid, pbtUid + 1, 3);
memcpy(pnti->nai.abtUid + 3, pbtUid + 5, 3);