Gleb Natapov <g...@redhat.com> writes:
> Properly check array bounds before accessing array element.
Impact?
Apply to stable as well?
> Signed-off-by: Gleb Natapov <g...@redhat.com>
> diff --git a/hw/usb-net.c b/hw/usb-net.c
> index 70f9263..84e2d79 100644
> --- a/hw/usb-net.c
> +++ b/hw/usb-net.c
> @@ -1142,7 +1142,7 @@ static int usb_net_handle_control(USBDevice *dev, int
> request, int value,
> break;
>
> default:
> - if (usb_net_stringtable[value & 0xff]) {
> + if (ARRAY_SIZE(usb_net_stringtable) > (value & 0xff)) {
> ret = set_usb_string(data,
> usb_net_stringtable[value & 0xff]);
> break;
Makes sense.
Nitpick: LIMIT > INDEX looks unusual to me; INDEX < LIMIT is more
common.
