From acaa8b3e8b80ccd49e04a6dc7d595d3a52d1ad0d Mon Sep 17 00:00:00 2001
From: Jan Niehusmann <jan@gondor.com>
Date: Tue, 30 Aug 2022 20:36:57 +0000
Subject: [PATCH] Fix calculation of slice index

total_len is already rounded up, so the `+ 3` is not needed.
And even if it was, the calculation should have been `((total_len + 3) / 4)`.

`(total_len + 3 / 4)` is equivalent to `total_len` and can overflow
the slice, leading to a panic which can easily be triggered by sending
large ICMP ECHO packets to the device.
---
 src/lib.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/lib.rs b/src/lib.rs
index 8f439cf2..34170a26 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -762,7 +762,7 @@ where
                 let bus = unsafe { &mut *bus };
                 async {
                     bus.write(&[cmd]).await?;
-                    bus.write(&buf[..(total_len + 3 / 4)]).await?;
+                    bus.write(&buf[..(total_len / 4)]).await?;
                     Ok(())
                 }
             })