bitXXgen: ensure not reading/storing past valid size
Add OSMO_ASSERT()s to ensure bounds checking.
For example, for osmo_store32le_ext(), passing n > 5 would read past the end of
the uint32_t. Similarly, osmo_load32le_ext() for n > 4 would write past the
uint32_t's end.
Change-Id: I2dc21582cd8a679b6624cefbc0c1678b093a3d08
diff --git a/include/osmocom/core/bitXXgen.h.tpl b/include/osmocom/core/bitXXgen.h.tpl
index 6881d87..7e0ecd7 100644
--- a/include/osmocom/core/bitXXgen.h.tpl
+++ b/include/osmocom/core/bitXXgen.h.tpl
@@ -22,6 +22,8 @@
#pragma once
+#include <osmocom/core/utils.h>
+
/*! load unaligned n-byte integer (little-endian encoding) into uintXX_t
* \param[in] p Buffer where integer is stored
* \param[in] n Number of bytes stored in p
@@ -32,6 +34,7 @@
uint8_t i;
uintXX_t r = 0;
const uint8_t *q = (uint8_t *)p;
+ OSMO_ASSERT(n <= sizeof(r));
for(i = 0; i < n; r |= ((uintXX_t)q[i] << (8 * i)), i++);
return r;
}
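Review bot: The new `OSMO_ASSERT(n <= sizeof(r));` turns an oversized n into a process abort rather than an error return (as far as I know OSMO_ASSERT panics and is not compiled out in release builds). Any caller that takes n from a received length field must therefore range-check it first, or a malformed message becomes a crash. The same applies to the asserts added in the other three hunks. I would state the limit in the doc comment, e.g. `\param[in] n Number of bytes stored in p (at most sizeof(uintXX_t); larger values assert)`. The function's signature and the rest of its doc comment lie above this hunk.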
@@ -46,6 +49,7 @@
uint8_t i;
uintXX_t r = 0;
const uint8_t *q = (uint8_t *)p;
+ OSMO_ASSERT(n <= sizeof(r));
for(i = 0; i < n; r |= ((uintXX_t)q[i] << (XX - 8* (1 + i))), i++);
return r;
}
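Review bot: With n < sizeof(r), the shift `XX - 8* (1 + i)` places the loaded bytes in the most significant octets of r, while the big-endian store in the last hunk writes the n least significant octets of x (`x >> ((n - 1 - i) * 8)`). A load followed by a store with the same n therefore does not round-trip. Since the assert now makes n <= sizeof the explicitly supported range, the doc comment should say which end the value is aligned to, e.g. `\return loaded value, left-aligned in the uintXX_t when n < sizeof(uintXX_t)`. The function header is outside this hunk, so the existing wording may already cover it.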
@@ -60,6 +64,7 @@
{
uint8_t i;
uint8_t *q = (uint8_t *)p;
+ OSMO_ASSERT(n <= sizeof(x));
for(i = 0; i < n; q[i] = (x >> i * 8) & 0xFF, i++);
}
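Review bot: The assert bounds n against `sizeof(x)` only, so the write through `q[i]` is still limited by nothing but the caller's promise that p has n writable bytes. That obligation is worth spelling out in the doc comment, e.g. `\param[out] p Buffer to store integer (caller guarantees at least n writable bytes)`. The same holds for the big-endian store in the following hunk. The signature and doc comment sit above this hunk, so check whether they already say this.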
@@ -72,6 +77,7 @@
{
uint8_t i;
uint8_t *q = (uint8_t *)p;
+ OSMO_ASSERT(n <= sizeof(x));
for(i = 0; i < n; q[i] = (x >> ((n - 1 - i) * 8)) & 0xFF, i++);
}