hostapd: Fix static analyzer issue for CHAN_SWITCH 6 GHz bw

Static analyzer complains:
In hostapd_ctrl_check_freq_params(), Array 'bw_idx' of size 5
may use index value(s) 5.

The highest value that center_idx_to_bw_6ghz(idx) can currently return
is 4, so this is not really able to trigger read beyond the end of the
array. In any case, the bounds check is clearly incorrect and needs to
be fixed so that this is able to handle any potential future extension.

Fixes: 744295c8bc5a ("Add 6 GHz channel validation during channel switching")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>

diff --git a/hostapd/ctrl_iface.c b/hostapd/ctrl_iface.c
index 7e7b6939b89615b13204f04a8a1ed82e970b6805..2edce5ae34b40da192c8bd8374eef6f560e9eedc 100644 (file)
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
@@ -2474,7 +2474,7 @@ static int hostapd_ctrl_check_freq_params(struct hostapd_freq_params *params,
                                idx = (params->center_freq1 - 5950) / 5;
 
                        bw = center_idx_to_bw_6ghz(idx);
-                       if (bw < 0 || bw > (int) ARRAY_SIZE(bw_idx) ||
+                       if (bw < 0 || bw >= (int) ARRAY_SIZE(bw_idx) ||
                            bw_idx[bw] != params->bandwidth)
                                return -1;
                }