BLAHAJ
/
libsigrok
10
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

output/csv: fix out-of-bounds array access in process_analog() 

Make sure to not exceed the ctx->analog_samples[] array bounds. Don't
use the (huge) channel's index in the device's(!) channel list, instead
use the zero-based and dense index into the array of analog samples in
the accumulation buffer, before writing to the external file.

This fixes the segfault reported in bug #1124.
This commit is contained in:
Gerhard Sittig 2018-03-04 19:12:29 +01:00 committed by Uwe Hermann
parent a551cb0927
commit 823b0e29ae
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/output/csv.c
View File

@ -312,6 +312,7 @@ static void process_analog(struct context *ctx,
int ret;
size_t num_rcvd_ch, num_have_ch;
size_t idx_have, idx_smpl, idx_rcvd;
size_t idx_send;
struct sr_analog_meaning *meaning;
GSList *l;
float *fdata = NULL;
@ -336,6 +337,7 @@ static void process_analog(struct context *ctx,
sr_warn("Problems converting data to floating point values.");
num_have_ch = ctx->num_analog_channels + ctx->num_logic_channels;
idx_send = 0;
for (idx_have = 0; idx_have < num_have_ch; idx_have++) {
if (ctx->channels[idx_have].ch->type != SR_CHANNEL_ANALOG)
continue;
@ -351,9 +353,10 @@ static void process_analog(struct context *ctx,
&ctx->channels[idx_have].label);
}
for (idx_smpl = 0; idx_smpl < analog->num_samples; idx_smpl++)
ctx->analog_samples[idx_smpl * ctx->num_analog_channels + idx_have] = fdata[idx_smpl * num_rcvd_ch + idx_rcvd];
ctx->analog_samples[idx_smpl * ctx->num_analog_channels + idx_send] = fdata[idx_smpl * num_rcvd_ch + idx_rcvd];
break;
}
idx_send++;
}
g_free(fdata);
}