tools: Fix buffer overflow in hciattach_tialt.c
author Ildar Kamaletdinov <i.kamaletdinov@omp.ru>
Fri, 1 Apr 2022 12:16:43 +0000 (15:16 +0300)
committer Ayush Garg <ayush.garg@samsung.com>
Mon, 15 May 2023 09:25:54 +0000 (14:55 +0530)
Array 'c_brf_chip' of size 8 could be accessed by index > 7. We should
limit array access like in previous check at line 221.

Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
tools/hciattach_tialt.c

index 91fe579..a7e02c7 100755 (executable)
@@ -220,7 +220,8 @@ int texasalt_init(int fd, int speed, struct termios *ti)
                                ((brf_chip > 7) ? "unknown" : c_brf_chip[brf_chip]),
                                brf_chip);
 
-               sprintf(fw, "/etc/firmware/%s.bin", c_brf_chip[brf_chip]);
+               sprintf(fw, "/etc/firmware/%s.bin",
+                       (brf_chip > 7) ? "unknown" : c_brf_chip[brf_chip]);
                texas_load_firmware(fd, fw);
 
                texas_change_speed(fd, speed);
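
Review bot: in the new sprintf call, an out-of-range brf_chip builds the path "/etc/firmware/unknown.bin", and texas_load_firmware(fd, fw) is still called with it, so the out-of-bounds read is gone but the unknown-chip case carries on as if a firmware file were expected. Consider skipping the load or returning an error when brf_chip > 7. The literal 7 and the ternary are now repeated from the log call just above; selecting the name once into a local const char * and bounding it by the element count, sizeof(c_brf_chip) / sizeof(c_brf_chip[0]), would keep the two checks from drifting apart if the table grows. The declaration of brf_chip is not visible in this hunk: if it is a signed type, the > 7 test does not reject negative values. The size of fw is not shown either; if it is an array, snprintf(fw, sizeof(fw), ...) would bound the write regardless of the name's length.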