aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNeels Hofmeyr <neels@hofmeyr.de>2020-09-14 00:20:24 +0200
committerlaforge <laforge@osmocom.org>2020-09-14 11:53:46 +0000
commitc0ac4e37c90149785b6fa77a59bb609a46474582 (patch)
tree6d71813fe12f5116abec63dffcef34e3c81d2b21
parent6407c822ae0d45d047deb0dff095f028a90c1ecc (diff)
bitXXgen: ensure not reading/storing past valid size
Add OSMO_ASSERT()s to ensure bounds checking. For example, for osmo_store32le_ext(), passing n > 5 would read past the end of the uint32_t. Similarly, osmo_load32le_ext() for n > 4 would write past the uint32_t's end. Change-Id: I2dc21582cd8a679b6624cefbc0c1678b093a3d08
-rw-r--r--include/osmocom/core/bitXXgen.h.tpl6
1 files changed, 6 insertions, 0 deletions
diff --git a/include/osmocom/core/bitXXgen.h.tpl b/include/osmocom/core/bitXXgen.h.tpl
index 6881d87d..7e0ecd7f 100644
--- a/include/osmocom/core/bitXXgen.h.tpl
+++ b/include/osmocom/core/bitXXgen.h.tpl
@@ -22,6 +22,8 @@
#pragma once
+#include <osmocom/core/utils.h>
+
/*! load unaligned n-byte integer (little-endian encoding) into uintXX_t
* \param[in] p Buffer where integer is stored
* \param[in] n Number of bytes stored in p
@@ -32,6 +34,7 @@ static inline uintXX_t osmo_loadXXle_ext(const void *p, uint8_t n)
uint8_t i;
uintXX_t r = 0;
const uint8_t *q = (uint8_t *)p;
+ OSMO_ASSERT(n <= sizeof(r));
for(i = 0; i < n; r |= ((uintXX_t)q[i] << (8 * i)), i++);
return r;
}
@@ -46,6 +49,7 @@ static inline uintXX_t osmo_loadXXbe_ext(const void *p, uint8_t n)
uint8_t i;
uintXX_t r = 0;
const uint8_t *q = (uint8_t *)p;
+ OSMO_ASSERT(n <= sizeof(r));
for(i = 0; i < n; r |= ((uintXX_t)q[i] << (XX - 8* (1 + i))), i++);
return r;
}
@@ -60,6 +64,7 @@ static inline void osmo_storeXXle_ext(uintXX_t x, void *p, uint8_t n)
{
uint8_t i;
uint8_t *q = (uint8_t *)p;
+ OSMO_ASSERT(n <= sizeof(x));
for(i = 0; i < n; q[i] = (x >> i * 8) & 0xFF, i++);
}
@@ -72,6 +77,7 @@ static inline void osmo_storeXXbe_ext(uintXX_t x, void *p, uint8_t n)
{
uint8_t i;
uint8_t *q = (uint8_t *)p;
+ OSMO_ASSERT(n <= sizeof(x));
for(i = 0; i < n; q[i] = (x >> ((n - 1 - i) * 8)) & 0xFF, i++);
}