monitor: Fix out-of-bound read in print_le_states

Accessing le_states_desc_table array with value 15 can cause
out-of-bound read because current size of array is 14.

Currently this cannot lead to any problems becase we do no have such
state in le_states_comb_table but this could be changed in future and
raise described problem.

Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>

diff --git a/monitor/packet.c b/monitor/packet.c
index 51b42d7..7a2edeb 100755 (executable)
--- a/monitor/packet.c
+++ b/monitor/packet.c
@@ -2815,7 +2815,8 @@ static const struct {
 static void print_le_states(const uint8_t *states_array)
 {
        uint64_t mask, states = 0;
-       int i, n;
+       int i = 0;
+       size_t n = 0;
 
        for (i = 0; i < 8; i++)
                states |= ((uint64_t) states_array[i]) << (i * 8);
@@ -2827,12 +2828,12 @@ static void print_le_states(const uint8_t *states_array)
        for (i = 0; le_states_comb_table[i].states; i++) {
                uint64_t val = (((uint64_t) 1) << le_states_comb_table[i].bit);
                const char *str[3] = { NULL, };
-               int num = 0;
+               size_t num = 0;
 
                if (!(states & val))
                        continue;
 
-               for (n = 0; n < 16; n++) {
+               for (n = 0; n < ARRAY_SIZE(le_states_desc_table); n++) {
                        if (le_states_comb_table[i].states & (1 << n))
                                str[num++] = le_states_desc_table[n].str;
                }