diff options
| author | Vadim Yanitskiy <vyanitskiy@sysmocom.de> | 2021-11-17 06:36:38 +0300 |
|---|---|---|
| committer | fixeria <vyanitskiy@sysmocom.de> | 2021-11-18 13:11:20 +0000 |
| commit | 8a55a6c57152c5176af06a0d4c4ef0c515ab1050 (patch) | |
| tree | 11684d22a6f0c6e5db34e1001bb89361defd32e6 /tests | |
| parent | de3549a23456a4bfd2584e3566a2a97a0c0f82c1 (diff) | |
bitvec_read_field(): fix incorrect bit-shift issue found by UBSan
While running a sanitized version of the bitvec_test I get:
bitvec.c:492:24: runtime error: shift exponent 64 is too large
for 64-bit type 'long unsigned int'
This error is triggered by the following line in the bitvec_test:
_bitvec_read_field(0, 8 * 8 + 1); /* too many bits */
which basically tries to parse more bits (65) than the test vector
actually has (64). The problem is that we don't check if the
given vector has enough data *before* entering the parsing loop,
so we end up doing weird bit-shifts and getting weird values:
bitvec_read_field(idx=0, len=65) => bd5b7ddffdd7b5db (error)
Unfortunately, this problem remained unnoticed so far because in
'tests/testsuite.at' we don't check if stderr is empty. This is
fixed in a follow up change [1].
Rather than checking for errors in every loop iteration, do this
once and return early if the overrun is possible with the given
offset and length arguments.
Change-Id: I4deeabba7ebb720cdbe7c85b37bc011d05bdfa65
Related: [1] Ia82b92eddb18dc596881abcef2f098dc7385538b
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/bitvec/bitvec_test.ok | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/tests/bitvec/bitvec_test.ok b/tests/bitvec/bitvec_test.ok index a0e31d3f..d87ac7e0 100644 --- a/tests/bitvec/bitvec_test.ok +++ b/tests/bitvec/bitvec_test.ok @@ -185,7 +185,7 @@ bitvec_read_field(idx=10, len=5) => 16 (success) bitvec_read_field(idx=10, len=3) => 5 (success) bitvec_read_field(idx=10, len=1) => 1 (success) bitvec_read_field(idx=512, len=16) => 0 (error) -bitvec_read_field(idx=0, len=65) => bd5b7ddffdd7b5db (error) +bitvec_read_field(idx=0, len=65) => 0 (error) bitvec_read_field(idx=64, len=16) => 0 (error) bitvec ok. |