From 3f3363177d5cc1efc8fcfc70e1feed7a293da2d4 Mon Sep 17 00:00:00 2001
From: Quincey Koziol <koziol@koziol.gov>
Date: Sat, 25 Apr 2020 22:52:52 -0500
Subject: Range check # of 'extra' command-line parameters against array size.

---
 tools/src/misc/h5debug.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/tools/src/misc/h5debug.c b/tools/src/misc/h5debug.c
index 1b8d460..e9a783b 100644
--- a/tools/src/misc/h5debug.c
+++ b/tools/src/misc/h5debug.c
@@ -335,7 +335,15 @@ main(int argc, char *argv[])
     /* Extra arguments for primary data structure */
     HDmemset(extra, 0, sizeof(extra));
     if(argc > 3) {
-        extra_count = argc - 3;         /* Number of extra arguments */
+        /* Number of extra arguments */
+        extra_count = argc - 3;
+
+        /* Range check against 'extra' array size */
+        if(extra_count > (int)(sizeof(extra) / sizeof(haddr_t))) {
+            HDfprintf(stderr, "\nWARNING: Only using first %d extra parameters\n\n", (int)(sizeof(extra) / sizeof(haddr_t)));
+            extra_count = (int)(sizeof(extra) / sizeof(haddr_t));
+        } /* end if */
+
         for(u = 0; u < (size_t)extra_count; u++)
             extra[u] = (haddr_t)HDstrtoll(argv[u + 3], NULL, 0);
     } /* end if */
-- 
cgit v0.12