memory OOB issue on Windows and with non-standard allocators; by Sheng Yu
git-svn-id: https://asn1c.svn.sourceforge.net/svnroot/asn1c/trunk@1407 59561ff5-6e30-0410-9f3c-9617f08c8826
diff --git a/ChangeLog b/ChangeLog
index d5739e3..4e8a038 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,5 @@
-0.9.22: 2007-Jun-29
+0.9.22: 2008-Nov-19
* Added -pdu=all and -pdu=<type> switches to asn1c.
* Added PER support for most known-multiplier string types:
@@ -18,6 +18,9 @@
* Added DEFAULT handling for known multiplier string.
* Added a sample OMA ULP decoder (./examples/sample.source.ULP).
* Added full-width 32-bit integer encoding support in PER.
+ * Fixed 1-byte OOB write issue with non-standard and Windows
+ memory allocators (Severity: low; Security impact: medium).
+ Reported by Sheng Yu.
0.9.21: 2006-Sep-17
diff --git a/skeletons/INTEGER.c b/skeletons/INTEGER.c
index 54a402b..f016131 100644
--- a/skeletons/INTEGER.c
+++ b/skeletons/INTEGER.c
@@ -868,8 +868,8 @@
end = buf + (sizeof(value) + 1);
buf[0] = 0;
- for(b = buf, shr = (sizeof(long)-1)*8; b < end; shr -= 8)
- *(++b) = (uint8_t)(value >> shr);
+ for(b = buf + 1, shr = (sizeof(long)-1)*8; b < end; shr -= 8, b++)
+ *b = (uint8_t)(value >> shr);
if(st->buf) FREEMEM(st->buf);
st->buf = buf;