From 055d6b533486ee71ae0d9fb95ce9c923329909e4 Mon Sep 17 00:00:00 2001
From: Xiaoyin Liu
Date: Fri, 8 Nov 2019 19:47:25 +0800
Subject: [PATCH] Fix potential buffer over-read in getTagAsString

If `tag` equals `_countof(SYMBOL_TAG_STRINGS)`, then this function will read one element beyond the boundary of SYMBOL_TAG_STRINGS array.
---
 Ghidra/Features/PDB/src/pdb/cpp/symbol.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Ghidra/Features/PDB/src/pdb/cpp/symbol.cpp b/Ghidra/Features/PDB/src/pdb/cpp/symbol.cpp
index 09ca88dac5..c137933dfd 100644
--- a/Ghidra/Features/PDB/src/pdb/cpp/symbol.cpp
+++ b/Ghidra/Features/PDB/src/pdb/cpp/symbol.cpp
@@ -239,7 +239,7 @@ DWORD getTag(IDiaSymbol& symbol) {
 
 std::wstring getTagAsString(IDiaSymbol& symbol) {
 	const DWORD tag = getTag(symbol);
-	if (tag > _countof(SYMBOL_TAG_STRINGS)) {
+	if (tag > _countof(SYMBOL_TAG_STRINGS) - 1) {
 		return L"";
 	}
 	return SYMBOL_TAG_STRINGS[tag];
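Review bot: The corrected guard on the `+` line spells the bound as `_countof(SYMBOL_TAG_STRINGS) - 1`, a subtraction on an unsigned `size_t` that reads as if it could underflow and re-invites exactly the off-by-one this commit fixes; the conventional and self-evidently correct form is `if (tag >= _countof(SYMBOL_TAG_STRINGS)) {`. The subtraction cannot actually underflow here because `SYMBOL_TAG_STRINGS` is a fixed table with at least one entry, but `>=` needs no such reasoning and is what a reader checking bounds expects to see. Since `tag` is a `DWORD` and `_countof` yields `size_t`, both operands are unsigned, so the comparison is safe either way. A short comment such as `// tag is an untrusted value from the PDB; reject anything outside the string table` would record why the bound check exists. getTagAsString's closing brace lies outside the hunk.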