libosmocore

History

Vadim Yanitskiy 8a55a6c571 bitvec_read_field(): fix incorrect bit-shift issue found by UBSan While running a sanitized version of the bitvec_test I get: bitvec.c:492:24: runtime error: shift exponent 64 is too large for 64-bit type 'long unsigned int' This error is triggered by the following line in the bitvec_test: _bitvec_read_field(0, 8 * 8 + 1); /* too many bits / which basically tries to parse more bits (65) than the test vector actually has (64). The problem is that we don't check if the given vector has enough data before* entering the parsing loop, so we end up doing weird bit-shifts and getting weird values: bitvec_read_field(idx=0, len=65) => bd5b7ddffdd7b5db (error) Unfortunately, this problem remained unnoticed so far because in 'tests/testsuite.at' we don't check if stderr is empty. This is fixed in a follow up change [1]. Rather than checking for errors in every loop iteration, do this once and return early if the overrun is possible with the given offset and length arguments. Change-Id: I4deeabba7ebb720cdbe7c85b37bc011d05bdfa65 Related: [1] Ia82b92eddb18dc596881abcef2f098dc7385538b	2021-11-18 13:11:20 +00:00
..
bitvec_test.c	bitvec_read_field(): indicate errors using errno	2021-11-18 13:11:20 +00:00
bitvec_test.ok	bitvec_read_field(): fix incorrect bit-shift issue found by UBSan	2021-11-18 13:11:20 +00:00

Vadim Yanitskiy 8a55a6c571 bitvec_read_field(): fix incorrect bit-shift issue found by UBSan

While running a sanitized version of the bitvec_test I get:

  bitvec.c:492:24: runtime error: shift exponent 64 is too large
                                  for 64-bit type 'long unsigned int'

This error is triggered by the following line in the bitvec_test:

  _bitvec_read_field(0, 8 * 8 + 1); /* too many bits */

which basically tries to parse more bits (65) than the test vector
actually has (64).  The problem is that we don't check if the
given vector has enough data *before* entering the parsing loop,
so we end up doing weird bit-shifts and getting weird values:

  bitvec_read_field(idx=0, len=65) => bd5b7ddffdd7b5db (error)

Unfortunately, this problem remained unnoticed so far because in
'tests/testsuite.at' we don't check if stderr is empty.  This is
fixed in a follow up change [1].

Rather than checking for errors in every loop iteration, do this
once and return early if the overrun is possible with the given
offset and length arguments.

Change-Id: I4deeabba7ebb720cdbe7c85b37bc011d05bdfa65
Related: [1] Ia82b92eddb18dc596881abcef2f098dc7385538b

2021-11-18 13:11:20 +00:00

bitvec_test.c

bitvec_read_field(): indicate errors using errno

2021-11-18 13:11:20 +00:00

bitvec_test.ok

bitvec_read_field(): fix incorrect bit-shift issue found by UBSan

2021-11-18 13:11:20 +00:00