niklas/cyclonedds
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

out-of-bounds write nn_bitset_one w multiple of 32

Browse source 
nn_bitset_one sets the specified number of bits by first memset'ing the
words, then clearing bits set in a final partial word.  It mishandled
the case where the number of bits is a multiple of 32, clearing the
entire word following the last one it was to touch.

Signed-off-by: Erik Boasson <eb@ilities.com>
This commit is contained in:
Erik Boasson 2019-05-02 11:14:07 +08:00 committed by eboasson
parent dc7b64396b
commit 23fe452967
1 changed files with 1 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
src/core/ddsi/include/dds/ddsi/q_bitset.h
View file

@ -49,6 +49,7 @@ inline void nn_bitset_one (uint32_t numbits, uint32_t *bits)
memset (bits, 0xff, 4 * ((numbits + 31) / 32));
/* clear bits "accidentally" set */
if ((numbits % 32) != 0)
{
const uint32_t k = numbits / 32;
const uint32_t n = numbits % 32;