Closed lzaoral closed 3 years ago
Found by static analysis:
Expression (UAC_FORMAT_TYPE_I << 12) + ARRAY_LEN(audio_data_format_type_i) evaluates to 6 which is the length of the audio_data_format_type_i array. Therefore, if value is set to 6, the condition evaluates to true and ouf-of-bound read could occur.
(UAC_FORMAT_TYPE_I << 12) + ARRAY_LEN(audio_data_format_type_i)
audio_data_format_type_i
Found by static analysis:
Expression
(UAC_FORMAT_TYPE_I << 12) + ARRAY_LEN(audio_data_format_type_i)evaluates to 6 which is the length of theaudio_data_format_type_iarray. Therefore, if value is set to 6, the condition evaluates to true and ouf-of-bound read could occur.