From 26f7f07120720f945b15370d82189ffb6170975c Mon Sep 17 00:00:00 2001
From: iceman1001
Date: Tue, 6 Oct 2020 21:35:40 +0200
Subject: [PATCH] mem leak out of bounds
---
 client/src/cmdhfmfhard.c | 32 ++++++++++++++++++++------------
 1 file changed, 20 insertions(+), 12 deletions(-)
diff --git a/client/src/cmdhfmfhard.c b/client/src/cmdhfmfhard.c
index 3d378322e..cea704d7f 100644
--- a/client/src/cmdhfmfhard.c
+++ b/client/src/cmdhfmfhard.c
@@ -143,12 +143,10 @@ static inline void clear_bitarray24(uint32_t *bitarray) {
 memset(bitarray, 0x00, sizeof(uint32_t) * (1 << 19));
 }
-
 static inline void set_bitarray24(uint32_t *bitarray) {
 memset(bitarray, 0xff, sizeof(uint32_t) * (1 << 19));
 }
-
 static inline void set_bit24(uint32_t *bitarray, uint32_t index) {
 bitarray[index >> 5] |= 0x80000000 >> (index & 0x0000001f);
 }
@@ -157,36 +155,46 @@ static inline uint32_t test_bit24(uint32_t *bitarray, uint32_t index) {
 return bitarray[index >> 5] & (0x80000000 >> (index & 0x0000001f));
 }
-
 static inline uint32_t next_state(uint32_t *bitarray, uint32_t state) {
- if (++state == 1 << 24) return 1 << 24;
+ if (++state == (1 << 24)) {
+ return (1 << 24);
+ }
+
 uint32_t index = state >> 5;
- uint_fast8_t bit = state & 0x1f;
+ uint_fast8_t bit = state & 0x1F;
 uint32_t line = bitarray[index] << bit;
- while (bit <= 0x1f) {
- if (line & 0x80000000) return state;
+
+ while (bit <= 0x1F) {
+ if (line & 0x80000000) {
+ return state;
+ }
 state++;
 bit++;
 line <<= 1;
 }
 index++;
- while (bitarray[index] == 0x00000000 && state < 1 << 24) {
+ while (state < (1 << 24) && bitarray[index] == 0x00000000 ) {
 index++;
 state += 0x20;
 }
- if (state >= 1 << 24) return 1 << 24;
+
+ if (state >= (1 << 24)) {
+ return (1 << 24);
+ }
 #if defined __GNUC__
 return state + __builtin_clz(bitarray[index]);
 #else
 bit = 0x00;
 line = bitarray[index];
- while (bit <= 0x1f) {
- if (line & 0x80000000) return state;
+ while (bit <= 0x1F) {
+ if (line & 0x80000000) {
+ return state;
+ }
 state++;
 bit++;
 line <<= 1;
 }
- return 1 << 24;
+ return (1 << 24);
 #endif
 }
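Review bot: The entry guard of next_state still compares with `==`, so a `state` argument already at or above `1 << 24` skips the early return and `bitarray[state >> 5]` is read at word index `1 << 19` or beyond, past the `sizeof(uint32_t) * (1 << 19)` bytes that clear_bitarray24 and set_bitarray24 size the array to. The reordered `while (state < (1 << 24) && ...)` closes the out-of-bounds read in the skip loop only. Callers are not visible in this patch, so the remaining case may be unreachable today, but `if (++state >= (1 << 24)) {` makes the bound hold for every input, including the sentinel the function itself returns. A short comment above the function stating that `bitarray` must hold `1 << 19` words and that a return of `1 << 24` means no further bit is set would document the contract.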