After all the parities are set to out[], p will increase beyond ctx->dp. This adds a check for it. This also adds assert() to make sure that we don't overrun the buffer. Signed-off-by: MORITA Kazutaka <morita.kazutaka at lab.ntt.co.jp> --- lib/fec.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/fec.c b/lib/fec.c index 7d897e4..5d627f5 100644 --- a/lib/fec.c +++ b/lib/fec.c @@ -602,9 +602,10 @@ static inline void decode_prepare(struct fec *ctx, const uint8_t *dp[], out[i] = dp[i]; outidx[i] = i; } else { + assert(p < ctx->dp); out[i] = dp[p]; outidx[i] = p; - while (!dp[++p]) + while (++p < ctx->dp && !dp[p]) ; } } -- 1.7.10.4 |