core/bits: Prevent osmo_revbytebits_buf stack trashing

The second loop in osmo_revbytebits_buf() in src/bits.c grabs 4 bytes each iteration, which can easily go past the supplied input in some cases. Compiled with -fstack-protector , I get a "stack smashing detected" in the bits test. From: Nils O. Selåsdal <noselasd@fiane.dyndns.org> Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
author: Sylvain Munaut <tnt@246tNt.com> 2013-01-03 09:36:16 +0100
committer: Sylvain Munaut <tnt@246tNt.com> 2013-01-03 09:37:16 +0100
commit: 01e06046379350aa9090ef785a9b0fe2ca03ce23 (patch)
tree: 3f00aff06e671a0307acbe1c1d29a7420e54561f
parent: 13bb169d71a7eff694b8a2ba24497ee08c73a090 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/bits.c b/src/bits.c
index 4c67bddb..a159fc96 100644
--- a/src/bits.c
+++ b/src/bits.c
@@ -173,7 +173,7 @@ void osmo_revbytebits_buf(uint8_t *buf, int len)
 			return;
 	}
 
-	for (i = unaligned_cnt; i < len; i += 4) {
+	for (i = unaligned_cnt; i + 3 < len; i += 4) {
 		uint32_t *cur = (uint32_t *) (buf + i);
 		*cur = osmo_revbytebits_32(*cur);
 		len_remain -= 4;
author	Sylvain Munaut <tnt@246tNt.com>	2013-01-03 09:36:16 +0100
committer	Sylvain Munaut <tnt@246tNt.com>	2013-01-03 09:37:16 +0100
commit	01e06046379350aa9090ef785a9b0fe2ca03ce23 (patch)
tree	3f00aff06e671a0307acbe1c1d29a7420e54561f
parent	13bb169d71a7eff694b8a2ba24497ee08c73a090 (diff)