From 90e97df31395ece701c0a4b3bd28249dc4e38b3e Mon Sep 17 00:00:00 2001
From: Michael Mann <mmann78@netscape.net>
Date: Wed, 13 Jul 2016 18:42:14 -0400
Subject: packet-ieee80211-radio.c: Prevent array overflow.

Found by VS Code Analysis.

Change-Id: Idab6cb5496749ebff47466b20a9a665b1574565d
Reviewed-on: https://code.wireshark.org/review/16421
Reviewed-by: Michael Mann <mmann78@netscape.net>
---
 epan/dissectors/packet-ieee80211-radio.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'epan/dissectors/packet-ieee80211-radio.c')

diff --git a/epan/dissectors/packet-ieee80211-radio.c b/epan/dissectors/packet-ieee80211-radio.c
index 5984370e4a..adb6e4ef1a 100644
--- a/epan/dissectors/packet-ieee80211-radio.c
+++ b/epan/dissectors/packet-ieee80211-radio.c
@@ -633,7 +633,7 @@ dissect_wlan_radio_phdr (tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree,
                * If we can calculate the data rate for this user, do so.
                */
               if (can_calculate_rate && info_ac->mcs[i] <= MAX_MCS_VHT_INDEX &&
-                  info_ac->nss[i] <= MAX_VHT_NSS &&
+                  info_ac->nss[i] < MAX_VHT_NSS &&
                   ieee80211_vhtvalid[info_ac->mcs[i]].valid[bandwidth][info_ac->nss[i]]) {
                 data_rate = ieee80211_vhtrate(info_ac->mcs[i], bandwidth, info_ac->short_gi) * info_ac->nss[i];
                 if (data_rate != 0.0f) {
-- 
cgit v1.2.1