From 08253c317be2aa523fe5a4f6523a1140031b2327 Mon Sep 17 00:00:00 2001
From: Mauro Carvalho Chehab <m.chehab@samsung.com>
Date: Sun, 31 Aug 2014 20:53:30 -0300
Subject: [PATCH] libdvbv5: Don't go past the size of dvb_v5_name

As reported by Coverity:

4. cond_between: Checking cmd < 256 implies that cmd has the value which is between 0 and 255 (inclusive) on the true branch.
460        if (cmd >= 0 && cmd < DTV_USER_COMMAND_START)
CID 1054605 (#1 of 1): Out-of-bounds read (OVERRUN)5. overrun-local: Overrunning array dvb_v5_name of 71 8-byte elements at element index 255 (byte offset 2040) using index cmd (which evaluates to 255).
461                return dvb_v5_name[cmd];
462        else if (cmd >= 0 && cmd <= DTV_MAX_STAT_COMMAND)
463                return dvb_user_name[cmd - DTV_USER_COMMAND_START];
464        return NULL;

This wouldn't be a problem if the function was just internal,
but this is part of the public functions.

Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
---
 lib/libdvbv5/dvb-fe.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/libdvbv5/dvb-fe.c b/lib/libdvbv5/dvb-fe.c
index a9f3e77..0edd240 100644
--- a/lib/libdvbv5/dvb-fe.c
+++ b/lib/libdvbv5/dvb-fe.c
@@ -457,9 +457,9 @@ int dvb_set_compat_delivery_system(struct dvb_v5_fe_parms *p,
 
 const char *dvb_cmd_name(int cmd)
 {
-	if (cmd >= 0 && cmd < DTV_USER_COMMAND_START)
+	if (cmd >= 0 && cmd < ARRAY_SIZE(dvb_v5_name))
 		return dvb_v5_name[cmd];
-	else if (cmd >= 0 && cmd <= DTV_MAX_STAT_COMMAND)
+	else if (cmd >= DTV_USER_COMMAND_START && cmd <= DTV_MAX_STAT_COMMAND)
 		return dvb_user_name[cmd - DTV_USER_COMMAND_START];
 	return NULL;
 }
-- 
2.7.4