A typo leading to an array overrun
V557 Array overrun is possible. The ‘5’ index is pointing beyond array bound. dnatfile.c 444
    uns rgwSpare0 [5];

    DumpHeader()
    {
      ....
      printUns ("rgwSpare0[0] = ", Fib.rgwSpare0[5], 0, 0, fTrue);
      printUns ("rgwSpare0[1] = ", Fib.rgwSpare0[1], 1, 1, fTrue);
      printUns ("rgwSpare0[2] = ", Fib.rgwSpare0[2], 0, 0, fTrue);
      printUns ("rgwSpare0[3] = ", Fib.rgwSpare0[3], 1, 1, fTrue);
      printUns ("rgwSpare0[4] = ", Fib.rgwSpare0[4], 2, 2, fTrue);
      ....
    }
The first printUns line reads Fib.rgwSpare0[5], although its label says rgwSpare0[0]. That’s incorrect: there are just 5 items in the array, therefore the largest valid index is 4, and index 5 reads past the end of the array. The value ‘5’ is just a typo. A zero index should most likely have been used in the first line.
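One way to rule out this class of typo, shown as an added example that is not code from the analyzed project: the label and the index come from the same loop variable, and the bound is derived from the array itself. The names `fib_sample`, `spare_get`, `dump_spares` and `ARRAY_LEN` are hypothetical, `uns` is assumed to be a 16-bit unsigned type, and `snprintf` stands in for the page's `printUns`.

```c
#include <stdio.h>
#include <string.h>

typedef unsigned short uns;               /* assumption: uns is a 16-bit unsigned */

#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))

struct fib_sample {                       /* hypothetical stand-in for the page's Fib */
    uns rgwSpare0[5];
};

/* Checked read: stores the value and returns 0, or returns -1 if idx is out of range. */
static int spare_get(const struct fib_sample *f, size_t idx, uns *out)
{
    if (idx >= ARRAY_LEN(f->rgwSpare0))
        return -1;                        /* index 5 on a 5-element array lands here */
    *out = f->rgwSpare0[idx];
    return 0;
}

/* Writes one "rgwSpare0[i] = v" line per element into buf.
   Returns the number of lines written, or -1 if buf is too small. */
static int dump_spares(const struct fib_sample *f, char *buf, size_t cap)
{
    size_t used = 0;
    for (size_t i = 0; i < ARRAY_LEN(f->rgwSpare0); i++) {
        uns v;
        if (spare_get(f, i, &v) != 0)
            return -1;
        /* The same i feeds the label and the read, so they cannot disagree. */
        int n = snprintf(buf + used, cap - used, "rgwSpare0[%zu] = %u\n", i, (unsigned)v);
        if (n < 0 || (size_t)n >= cap - used)
            return -1;                    /* output would be truncated */
        used += (size_t)n;
    }
    return (int)ARRAY_LEN(f->rgwSpare0);
}

int main(void)
{
    struct fib_sample fib = { { 10, 11, 12, 13, 14 } };   /* constructed sample values */
    char out[128];
    if (dump_spares(&fib, out, sizeof out) > 0)
        fputs(out, stdout);
    return 0;
}
```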