libdvbv5: Don't go past the size of dvb_v5_name

As reported by Coverity:

4. cond_between: Checking cmd < 256 implies that cmd has the value which is between 0 and 255 (inclusive) on the true branch.
460        if (cmd >= 0 && cmd < DTV_USER_COMMAND_START)
CID 1054605 (#1 of 1): Out-of-bounds read (OVERRUN)5. overrun-local: Overrunning array dvb_v5_name of 71 8-byte elements at element index 255 (byte offset 2040) using index cmd (which evaluates to 255).
461                return dvb_v5_name[cmd];
462        else if (cmd >= 0 && cmd <= DTV_MAX_STAT_COMMAND)
463                return dvb_user_name[cmd - DTV_USER_COMMAND_START];
464        return NULL;

This wouldn't be a problem if the function was just internal,
but this is part of the public functions.

Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>

diff --git a/lib/libdvbv5/dvb-fe.c b/lib/libdvbv5/dvb-fe.c
index a9f3e77..0edd240 100644 (file)
--- a/lib/libdvbv5/dvb-fe.c
+++ b/lib/libdvbv5/dvb-fe.c
@@ -457,9 +457,9 @@ int dvb_set_compat_delivery_system(struct dvb_v5_fe_parms *p,
 
 const char *dvb_cmd_name(int cmd)
 {
-       if (cmd >= 0 && cmd < DTV_USER_COMMAND_START)
+       if (cmd >= 0 && cmd < ARRAY_SIZE(dvb_v5_name))
                return dvb_v5_name[cmd];
-       else if (cmd >= 0 && cmd <= DTV_MAX_STAT_COMMAND)
+       else if (cmd >= DTV_USER_COMMAND_START && cmd <= DTV_MAX_STAT_COMMAND)
                return dvb_user_name[cmd - DTV_USER_COMMAND_START];
        return NULL;
 }