From 9078b2baf14642a36cd2edca5999f9e3c435cbba Mon Sep 17 00:00:00 2001 From: Andre Puschmann Date: Thu, 12 Dec 2019 15:11:28 +0100 Subject: [PATCH] rlc_am: add check to prevent out of bounds access --- lib/src/upper/rlc_am_lte.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/src/upper/rlc_am_lte.cc b/lib/src/upper/rlc_am_lte.cc index 84d305006..a3aa4ee7a 100644 --- a/lib/src/upper/rlc_am_lte.cc +++ b/lib/src/upper/rlc_am_lte.cc @@ -1605,7 +1605,7 @@ int rlc_am_lte::rlc_am_lte_rx::get_status_pdu(rlc_status_pdu_t* status, const ui // make sure we don't exceed grant size if (rlc_am_packed_length(status) > max_pdu_size) { log->debug("Status PDU too big (%d > %d)\n", rlc_am_packed_length(status), max_pdu_size); - if (status->N_nack >= 1) { + if (status->N_nack >= 1 && status->N_nack < RLC_AM_WINDOW_SIZE) { log->debug("Removing last NACK SN=%d\n", status->nacks[status->N_nack].nack_sn); status->N_nack--; // make sure we don't have the current ACK_SN in the NACK list