github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-21 05:43:48 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

mem leak out of bounds

Browse source
This commit is contained in:
iceman1001 2020-10-06 21:35:40 +02:00
commit 26f7f07120
1 changed files with 20 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

32
client/src/cmdhfmfhard.c
View file

@ -143,12 +143,10 @@ static inline void clear_bitarray24(uint32_t *bitarray) {
memset(bitarray, 0x00, sizeof(uint32_t) * (1 << 19)); memset(bitarray, 0x00, sizeof(uint32_t) * (1 << 19));
} }
static inline void set_bitarray24(uint32_t *bitarray) { static inline void set_bitarray24(uint32_t *bitarray) {
memset(bitarray, 0xff, sizeof(uint32_t) * (1 << 19)); memset(bitarray, 0xff, sizeof(uint32_t) * (1 << 19));
} }
static inline void set_bit24(uint32_t *bitarray, uint32_t index) { static inline void set_bit24(uint32_t *bitarray, uint32_t index) {
bitarray[index >> 5] |= 0x80000000 >> (index & 0x0000001f); bitarray[index >> 5] |= 0x80000000 >> (index & 0x0000001f);
} }
@ -157,36 +155,46 @@ static inline uint32_t test_bit24(uint32_t *bitarray, uint32_t index) {
return bitarray[index >> 5] & (0x80000000 >> (index & 0x0000001f)); return bitarray[index >> 5] & (0x80000000 >> (index & 0x0000001f));
} }
static inline uint32_t next_state(uint32_t *bitarray, uint32_t state) { static inline uint32_t next_state(uint32_t *bitarray, uint32_t state) {
if (++state == 1 << 24) return 1 << 24; if (++state == (1 << 24)) {
return (1 << 24);
}
uint32_t index = state >> 5; uint32_t index = state >> 5;
uint_fast8_t bit = state & 0x1f; uint_fast8_t bit = state & 0x1F;
uint32_t line = bitarray[index] << bit; uint32_t line = bitarray[index] << bit;
while (bit <= 0x1f) {
if (line & 0x80000000) return state; while (bit <= 0x1F) {
if (line & 0x80000000) {
return state;
}
state++; state++;
bit++; bit++;
line <<= 1; line <<= 1;
} }
index++; index++;
while (bitarray[index] == 0x00000000 && state < 1 << 24) { while (state < (1 << 24) && bitarray[index] == 0x00000000 ) {
index++; index++;
state += 0x20; state += 0x20;
} }
if (state >= 1 << 24) return 1 << 24;
if (state >= (1 << 24)) {
return (1 << 24);
}
#if defined __GNUC__ #if defined __GNUC__
return state + __builtin_clz(bitarray[index]); return state + __builtin_clz(bitarray[index]);
#else #else
bit = 0x00; bit = 0x00;
line = bitarray[index]; line = bitarray[index];
while (bit <= 0x1f) { while (bit <= 0x1F) {
if (line & 0x80000000) return state; if (line & 0x80000000) {
return state;
}
state++; state++;
bit++; bit++;
line <<= 1; line <<= 1;
} }
return 1 << 24; return (1 << 24);
#endif #endif
} }