authorIldar Kamaletdinov <i.kamaletdinov@omp.ru>2022-04-01 15:16:43 +0300
committerLuiz Augusto von Dentz <luiz.von.dentz@intel.com>2022-04-04 09:41:58 -0700
commitd328abaa1715d3d8df05b06a2e09429fcdeebe34 (patch)
tree97e5d5e62437babbefafa563a044748bff6b954e /tools
parent7fdfb67284a2f93b13c008e69ff04f462e45c791 (diff)
tools: Fix buffer overflow in hciattach_tialt.c
Array 'c_brf_chip' of size 8 could be accessed by index > 7. We should limit array access like in previous check at line 221. Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool.
Diffstat (limited to 'tools')
-rw-r--r--tools/hciattach_tialt.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/tools/hciattach_tialt.c b/tools/hciattach_tialt.c
index 520b383a16..4f7fd42a3a 100644
--- a/tools/hciattach_tialt.c
+++ b/tools/hciattach_tialt.c
@@ -221,7 +221,8 @@ int texasalt_init(int fd, int speed, struct termios *ti)
((brf_chip > 7) ? "unknown" : c_brf_chip[brf_chip]),
brf_chip);
- sprintf(fw, "/etc/firmware/%s.bin", c_brf_chip[brf_chip]);
+ sprintf(fw, "/etc/firmware/%s.bin",
+ (brf_chip > 7) ? "unknown" : c_brf_chip[brf_chip]);
texas_load_firmware(fd, fw);
texas_change_speed(fd, speed);
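Review bot: For `brf_chip > 7` the new `sprintf` builds `/etc/firmware/unknown.bin` and the next line still calls `texas_load_firmware(fd, fw)`, so an unrecognised chip is sent whatever file sits at that path instead of being skipped. Guarding the pair would avoid that, e.g. `if (brf_chip <= 7) { sprintf(fw, "/etc/firmware/%s.bin", c_brf_chip[brf_chip]); texas_load_firmware(fd, fw); }`, with a message on stderr for the skipped case. The literal 7 now appears in two places and has to track the size of `c_brf_chip`; deriving the bound from the array (`sizeof(c_brf_chip) / sizeof(c_brf_chip[0])`) would keep them in step. `fw` is declared outside the hunk, so whether `snprintf(fw, sizeof(fw), ...)` can be used here cannot be confirmed from the visible lines; the body of texasalt_init starts and ends outside the hunk.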