diff options
author | Evan Huus <eapache@gmail.com> | 2014-01-24 20:48:55 +0000 |
---|---|---|
committer | Evan Huus <eapache@gmail.com> | 2014-01-24 20:48:55 +0000 |
commit | a7ea59488d95d51388fde931f35c9e211843175d (patch) | |
tree | 8a3b0cf5059aa8616b1b0f0a473b374ca3333eee /plugins/wimax/wimax_bits.h | |
parent | 5be35448f6daeee93010ceaa306b4c78ee29dd36 (diff) |
The wimax plugin primarily uses tvb_get_ptr buffer accesses instead of the
safe accessor functions, and it's all done via scary bit-twiddling macros to
boot.
Create the macros TVB_NIB_WORD and TVB_NIB_NIBBLE that (should) behave just
like the raw-pointer NIB_WORD and NIB_NIBBLE macros, except using the safe tvb
functions instead.
Replace two instances with the safe versions, which fixes an out-of-bounds
access caught by my valgrind fuzzer. If this doesn't break anything then we
should probably do a wholesale replacement at some point, but I'm not feeling
that adventurous at the moment.
svn path=/trunk/; revision=54951
Diffstat (limited to 'plugins/wimax/wimax_bits.h')
-rw-r--r-- | plugins/wimax/wimax_bits.h | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/plugins/wimax/wimax_bits.h b/plugins/wimax/wimax_bits.h index 53b05b7e0c..7eca8f5fb2 100644 --- a/plugins/wimax/wimax_bits.h +++ b/plugins/wimax/wimax_bits.h @@ -55,6 +55,10 @@ (((n) & 1) \ ? (b)[(n)/2] & NIBBLE_MASK \ : ((b)[(n)/2] >> 4) & NIBBLE_MASK) +#define TVB_NIB_NIBBLE(n,t) \ + (((n) & 1) \ + ? tvb_get_guint8((t), (n)/2) & NIBBLE_MASK \ + : (tvb_get_guint8((t), (n)/2) >> 4) & NIBBLE_MASK) /* extract the byte at the given nibble address 'n' of buffer 'b' */ #define NIB_BYTE(n,b) \ @@ -78,6 +82,10 @@ : pletoh16((b) + (n)/2) ? (pletoh32((b)+(n)/2) >> 12) & 0x0000FFFF \ */ +#define TVB_NIB_WORD(n,t) \ + (n) & 1 \ + ? (gint)((tvb_get_ntohl((t), (n)/2) >> 12) & 0x0000FFFF) \ + : tvb_get_ntohs((t), (n)/2) /* extract the word at the given nibble address 'n' of buffer 'b' */ #define NIB_LONG(n,b) \ |