core/bits: Prevent osmo_revbytebits_buf stack trashing
The second loop in osmo_revbytebits_buf() in src/bits.c grabs
4 bytes each iteration, which can easily go past the supplied
input in some cases.
Compiled with -fstack-protector, I get a "stack smashing detected"
in the bits test.
From: Nils O. Selåsdal <noselasd@fiane.dyndns.org>
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
diff --git a/src/bits.c b/src/bits.c
index 4c67bdd..a159fc9 100644
--- a/src/bits.c
+++ b/src/bits.c
@@ -173,7 +173,7 @@
return;
}
- for (i = unaligned_cnt; i < len; i += 4) {
+ for (i = unaligned_cnt; i + 3 < len; i += 4) {
uint32_t *cur = (uint32_t *) (buf + i);
*cur = osmo_revbytebits_32(*cur);
len_remain -= 4;
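Review bot: With the bound changed to `i + 3 < len`, the loop now stops with up to three trailing bytes unprocessed, so the result is only correct if code after this hunk consumes `len_remain` byte by byte. That code is not visible here. Please confirm it picks up exactly where this loop stops, and extend the bits test to cover lengths that are not a multiple of 4 after the unaligned prefix, checking both the reversed output and that the byte just past the buffer is untouched. Separately, `uint32_t *cur = (uint32_t *) (buf + i);` still depends on `buf + i` being 4-byte aligned and on type punning through a pointer cast; copying into a local `uint32_t` with memcpy and back would remove both assumptions. A short comment on the loop explaining why the bound is `i + 3` would also help the next reader.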