core/bits: Prevent osmo_revbytebits_buf stack trashing The second loop in osmo_revbytebits_buf() in src/bits.c grabs 4 bytes each iteration, which can easily go past the supplied input in some cases. Compiled with -fstack-protector , I get a "stack smashing detected" in the bits test. From: Nils O. Selåsdal <noselasd@fiane.dyndns.org> Signed-off-by: Sylvain Munaut <tnt@246tNt.com>

commit: 01e06046379350aa9090ef785a9b0fe2ca03ce23 [log] [tgz]
author: Sylvain Munaut <tnt@246tNt.com> Thu Jan 03 09:36:16 2013 +0100
committer: Sylvain Munaut <tnt@246tNt.com> Thu Jan 03 09:37:16 2013 +0100
tree: 3f00aff06e671a0307acbe1c1d29a7420e54561f
parent: 13bb169d71a7eff694b8a2ba24497ee08c73a090 [diff]
diff --git a/src/bits.c b/src/bits.c
index 4c67bdd..a159fc9 100644
--- a/src/bits.c
+++ b/src/bits.c

@@ -173,7 +173,7 @@
 			return;
 	}
 
-	for (i = unaligned_cnt; i < len; i += 4) {
+	for (i = unaligned_cnt; i + 3 < len; i += 4) {
 		uint32_t *cur = (uint32_t *) (buf + i);
 		*cur = osmo_revbytebits_32(*cur);
 		len_remain -= 4;
commit	01e06046379350aa9090ef785a9b0fe2ca03ce23	[log] [tgz]
author	Sylvain Munaut <tnt@246tNt.com>	Thu Jan 03 09:36:16 2013 +0100
committer	Sylvain Munaut <tnt@246tNt.com>	Thu Jan 03 09:37:16 2013 +0100
tree	3f00aff06e671a0307acbe1c1d29a7420e54561f
parent	13bb169d71a7eff694b8a2ba24497ee08c73a090 [diff]