From 135c8f050f7f0145b54d952b38ca73eb0d1060cf Mon Sep 17 00:00:00 2001
From: Peter Wu <peter@lekensteyn.nl>
Date: Sat, 28 Nov 2015 10:54:16 +0100
Subject: vwr: fix buffer overrun in getRate

Bug: 11789
Change-Id: Ieba9f32928b91be5d07b25bf54005155f7cc79f6
Reviewed-on: https://code.wireshark.org/review/12261
Reviewed-by: Michael Mann <mmann78@netscape.net>
---
 wiretap/vwr.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/wiretap/vwr.c b/wiretap/vwr.c
index 6f082a5f4c..3b9659322d 100644
--- a/wiretap/vwr.c
+++ b/wiretap/vwr.c
@@ -2273,7 +2273,10 @@ static float getRate( guint8 plcpType, guint8 mcsIndex, guint16 rflags, guint8 n
     float symbol_tx_time, bitrate  = 0.0f;
 
     if (plcpType == 0)
-        bitrate =  canonical_rate_legacy[mcsIndex];
+    {
+        if (mcsIndex < G_N_ELEMENTS(canonical_rate_legacy))
+            bitrate =  canonical_rate_legacy[mcsIndex];
+    }
     else if (plcpType == 1 || plcpType == 2)
     {
         if ( rflags & FLAGS_CHAN_SHORTGI)
@@ -2295,8 +2298,8 @@ static float getRate( guint8 plcpType, guint8 mcsIndex, guint16 rflags, guint8 n
         else
             symbol_tx_time = 4.0f;
 
-    /* Check for the out of range mcsIndex.  Should never happen, but if mcs index is greater than 9 assume 9 is the value */
-    if (mcsIndex > 9) mcsIndex = 9;
+        /* Check for the out of range mcsIndex.  Should never happen, but if mcs index is greater than 9 assume 9 is the value */
+        if (mcsIndex > 9) mcsIndex = 9;
         if ( rflags & FLAGS_CHAN_40MHZ )
             bitrate = (canonical_ndbps_40_vht[ mcsIndex ] * nss) / symbol_tx_time;
         else if (rflags & FLAGS_CHAN_80MHZ )
-- 
cgit v1.2.1