From 18ff3e7b6aaa980f82b9946829d23c75ea0788ea Mon Sep 17 00:00:00 2001
From: DDoSolitary
Date: Thu, 13 Dec 2018 17:25:16 +0800
Subject: [PATCH 1/3] Remove "+ 1" for MAX_RADIOTAP_FIELD. current_flags_ starts from 0.
---
 src/utils/radiotap_parser.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/utils/radiotap_parser.cpp b/src/utils/radiotap_parser.cpp
index 8c9abb3..bec3f95 100644
--- a/src/utils/radiotap_parser.cpp
+++ b/src/utils/radiotap_parser.cpp
@@ -65,7 +65,7 @@ const RadioTapParser::FieldMetadata RadioTapParser::RADIOTAP_METADATA[] = {
 };
 const uint32_t RadioTapParser::MAX_RADIOTAP_FIELD = sizeof(RADIOTAP_METADATA) /
- sizeof(FieldMetadata) + 1;
+ sizeof(FieldMetadata);
 #if TINS_IS_LITTLE_ENDIAN
 TINS_BEGIN_PACK
From b949e56d15e8bd83dd24cb959eba7c538ed08c7c Mon Sep 17 00:00:00 2001
From: DDoSolitary
Date: Mon, 24 Dec 2018 15:20:30 +0800
Subject: [PATCH 2/3] Remove the overflow check in align_buffer(). Reasons stated in https://github.com/mfontanini/libtins/pull/320#discussion_r242049560.
---
 src/utils/radiotap_parser.cpp | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/src/utils/radiotap_parser.cpp b/src/utils/radiotap_parser.cpp
index bec3f95..84e4ead 100644
--- a/src/utils/radiotap_parser.cpp
+++ b/src/utils/radiotap_parser.cpp
@@ -135,9 +135,6 @@ void align_buffer(const uint8_t* buffer_start, const uint8_t*& buffer, uint32_t
 uint32_t offset = (buffer - buffer_start) & (n - 1);
 if (offset) {
 offset = n - offset;
- if (TINS_UNLIKELY(offset > size)) {
- throw malformed_packet();
- }
 buffer += offset;
 }
 }
From 6c92bcdad163ca7c27e3b58e16cebd305563589b Mon Sep 17 00:00:00 2001
From: DDoSolitary
Date: Tue, 25 Dec 2018 10:38:44 +0800
Subject: [PATCH 3/3] Clarify pointer's validity for documentation of current_option_ptr().
---
 include/tins/utils/radiotap_parser.h | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/include/tins/utils/radiotap_parser.h b/include/tins/utils/radiotap_parser.h
index 1651173..0a5150e 100644
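Review bot: The definition of `MAX_RADIOTAP_FIELD` carries no comment saying that it is the entry count of `RADIOTAP_METADATA` and therefore an exclusive bound, which is how the off-by-one removed here could come back. Assuming the constant limits the index into that table (the code that uses it is outside the hunk), the old value would have let an index equal to the array length through, i.e. a read one element past the table, presumably driven by the present bits of a parsed frame. I would add `// Entry count of RADIOTAP_METADATA: valid field indexes are [0, MAX_RADIOTAP_FIELD).` above the definition, and a regression test that parses a header whose present bits extend just beyond the last known field.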
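Review bot: With the check gone, `buffer += offset` in align_buffer() can move `buffer` up to `n - 1` bytes beyond the end of the input and nothing in this function reports it, so the bound now rests entirely on the callers, which are outside the hunk. Each caller has to compare against the end pointer with an ordering test or a remaining-length check rather than `==`, since the pointer can step over the end; forming a pointer more than one past the end of the buffer is also undefined behaviour in C++ before any dereference. I would state the contract at the function, e.g. `// May advance buffer beyond the end of the input; callers must verify the remaining length before reading.` The removed lines were the only visible use of `size`; if it is still a parameter (the signature is truncated in the hunk header), drop it or mark it unused.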
--- a/include/tins/utils/radiotap_parser.h
+++ b/include/tins/utils/radiotap_parser.h
@@ -114,7 +114,11 @@ public:
 RadioTap::option current_option();
 /**
- * Gets the pointer at which the current option is located
+ * \brief Gets the pointer at which the current option is located
+ *
+ * A past-the-end pointer may be returned in case of malformed input or
+ * end of data. Its validity must be checked (e.g. using
+ * \ref RadioTapParser.has_fields) before dereference.
 */
 const uint8_t* current_option_ptr() const;
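Review bot: The new text tells callers to check validity with has_fields but not how many bytes may be read at the returned pointer, and `\ref RadioTapParser.has_fields` uses a dot where Doxygen expects `::` or `#` for a member, so the link may not resolve. I would write `\ref RadioTapParser::has_fields` and add one sentence naming the length the caller may rely on, for example the size of the current field; whether has_fields() guarantees that many readable bytes cannot be confirmed from this hunk. If align_buffer() can now advance beyond the end of the data, as the previous patch in this series suggests, "past-the-end" should read "at or beyond the end". The class declaration starts and ends outside the hunk.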