[src/trunk]: src/lib/libusbhid Fix buffer-overrun/off-by-one in hid_set_data(3).

[jakllsch <jakllsch%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/0987d42b1e52
branches:  trunk
changeset: 342752:0987d42b1e52
user:      jakllsch <jakllsch%NetBSD.org@localhost>
date:      Thu Jan 07 19:49:45 2016 +0000

description:
Fix buffer-overrun/off-by-one in hid_set_data(3).

(The tests only detected this as a problem on ARMv7, not i386.)

diffstat:

 lib/libusbhid/data.c |  6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diffs (27 lines):

diff -r 606ad8c08926 -r 0987d42b1e52 lib/libusbhid/data.c
--- a/lib/libusbhid/data.c      Thu Jan 07 19:49:25 2016 +0000
+++ b/lib/libusbhid/data.c      Thu Jan 07 19:49:45 2016 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: data.c,v 1.7 2016/01/01 22:59:12 jakllsch Exp $        */
+/*     $NetBSD: data.c,v 1.8 2016/01/07 19:49:45 jakllsch Exp $        */
 
 /*
  * Copyright (c) 1999 Lennart Augustsson <augustss%NetBSD.org@localhost>
@@ -27,7 +27,7 @@
  */
 
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: data.c,v 1.7 2016/01/01 22:59:12 jakllsch Exp $");
+__RCSID("$NetBSD: data.c,v 1.8 2016/01/07 19:49:45 jakllsch Exp $");
 
 #include <assert.h>
 #include <stdlib.h>
@@ -95,7 +95,7 @@
        offs = hpos / 8;
        end = (hpos + hsize) / 8 - offs;
 
-       for (i = 0; i <= end; i++)
+       for (i = 0; i < end; i++)
                buf[offs + i] = (buf[offs + i] & ((uint32_t)mask >> (i*8))) |
                        (((uint32_t)data >> (i*8)) & 0xff);
 }