gsm48_rr: Don't overflow array boundary

Detected by Smatch:
src/host/layer23/src/mobile/gsm48_rr.c +3021 gsm48_rr_render_ma(89) warn: buffer overflow 'cd->freq_seq_lv' 10 <= 10
src/host/layer23/src/mobile/gsm48_rr.c +3023 gsm48_rr_render_ma(91) error: buffer overflow 'cd->freq_seq_lv' 10 <= 10

diff --git a/src/host/layer23/src/mobile/gsm48_rr.c b/src/host/layer23/src/mobile/gsm48_rr.c
index 13eb1fd..68116c5 100644 (file)
--- a/src/host/layer23/src/mobile/gsm48_rr.c
+++ b/src/host/layer23/src/mobile/gsm48_rr.c
@@ -3016,7 +3016,7 @@ static int gsm48_rr_render_ma(struct osmocom_ms *ms, struct gsm48_rr_cd *cd,
                LOGP(DRR, LOGL_INFO, "Listed Sequence ARFCN #%d: %s\n", j,
                        gsm_print_arfcn(arfcn | pcs));
                ma[j++] = arfcn;
-               for (i = 0; i <= 16; i++) {
+               for (i = 0; i < 16; i++) {
                        if ((i & 1))
                                inc = cd->freq_seq_lv[2 + (i >> 1)] & 0x0f;
                        else