diff options
author | Neels Hofmeyr <neels@hofmeyr.de> | 2020-09-14 00:20:24 +0200 |
---|---|---|
committer | laforge <laforge@osmocom.org> | 2020-09-14 11:53:46 +0000 |
commit | c0ac4e37c90149785b6fa77a59bb609a46474582 (patch) | |
tree | 6d71813fe12f5116abec63dffcef34e3c81d2b21 /include/osmocom/core | |
parent | 6407c822ae0d45d047deb0dff095f028a90c1ecc (diff) |
bitXXgen: ensure not reading/storing past valid size
Add OSMO_ASSERT()s to ensure bounds checking.
For example, for osmo_store32le_ext(), passing n > 5 would read past the end of
the uint32_t. Similarly, osmo_load32le_ext() for n > 4 would write past the
uint32_t's end.
Change-Id: I2dc21582cd8a679b6624cefbc0c1678b093a3d08
Diffstat (limited to 'include/osmocom/core')
-rw-r--r-- | include/osmocom/core/bitXXgen.h.tpl | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/include/osmocom/core/bitXXgen.h.tpl b/include/osmocom/core/bitXXgen.h.tpl index 6881d87d..7e0ecd7f 100644 --- a/include/osmocom/core/bitXXgen.h.tpl +++ b/include/osmocom/core/bitXXgen.h.tpl @@ -22,6 +22,8 @@ #pragma once +#include <osmocom/core/utils.h> + /*! load unaligned n-byte integer (little-endian encoding) into uintXX_t * \param[in] p Buffer where integer is stored * \param[in] n Number of bytes stored in p @@ -32,6 +34,7 @@ static inline uintXX_t osmo_loadXXle_ext(const void *p, uint8_t n) uint8_t i; uintXX_t r = 0; const uint8_t *q = (uint8_t *)p; + OSMO_ASSERT(n <= sizeof(r)); for(i = 0; i < n; r |= ((uintXX_t)q[i] << (8 * i)), i++); return r; } @@ -46,6 +49,7 @@ static inline uintXX_t osmo_loadXXbe_ext(const void *p, uint8_t n) uint8_t i; uintXX_t r = 0; const uint8_t *q = (uint8_t *)p; + OSMO_ASSERT(n <= sizeof(r)); for(i = 0; i < n; r |= ((uintXX_t)q[i] << (XX - 8* (1 + i))), i++); return r; } @@ -60,6 +64,7 @@ static inline void osmo_storeXXle_ext(uintXX_t x, void *p, uint8_t n) { uint8_t i; uint8_t *q = (uint8_t *)p; + OSMO_ASSERT(n <= sizeof(x)); for(i = 0; i < n; q[i] = (x >> i * 8) & 0xFF, i++); } @@ -72,6 +77,7 @@ static inline void osmo_storeXXbe_ext(uintXX_t x, void *p, uint8_t n) { uint8_t i; uint8_t *q = (uint8_t *)p; + OSMO_ASSERT(n <= sizeof(x)); for(i = 0; i < n; q[i] = (x >> ((n - 1 - i) * 8)) & 0xFF, i++); } |