gnrc_sixlowpan_iphc: fix Out-of-bounds read

Coverty scan found this: > CID 298279 (#1 of 1): Out-of-bounds read (OVERRUN) > 21. overrun-local: Overrunning array of 16 bytes at byte offset 64 by dereferencing pointer The original intention was probably to advance the destination pointer by 4 bytes, not 4 * the destination type size.
kYc0o · Aug 11, 2020 · a9a0671 · a9a0671
1 parent b65c6ab
commit a9a0671
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/sys/net/gnrc/network_layer/sixlowpan/iphc/gnrc_sixlowpan_iphc.c b/sys/net/gnrc/network_layer/sixlowpan/iphc/gnrc_sixlowpan_iphc.c
@@ -417,7 +417,7 @@ static size_t _iphc_ipv6_decode(const uint8_t *iphc_hdr,
                 ipv6_hdr->dst.u8[1] = iphc_hdr[payload_offset++];
                 ipv6_hdr->dst.u8[2] = iphc_hdr[payload_offset++];
                 ipv6_hdr->dst.u8[3] = ctx->prefix_len;
-                ipv6_addr_init_prefix((ipv6_addr_t *)ipv6_hdr->dst.u8 + 4,
+                ipv6_addr_init_prefix((ipv6_addr_t *)(ipv6_hdr->dst.u8 + 4),
                                       &ctx->prefix, ctx->prefix_len);
                 memcpy(ipv6_hdr->dst.u8 + 12, iphc_hdr + payload_offset + 2, 4);