Fix bug resulting in read overflow of stack allocated buffer
The original ordering of the for loop's condition resulted in
the memcpy of 4 bytes being completed before the actual bounds
checking was done. During testing, due to the starting offset,
this resulted in reading two bytes beyond the `acc` buffer.
The end result would not cause any data corruption, but
triggered sanitizer checks during debug execution.
nirosys committed Jun 29, 2022
1 parent bdb8fee commit 2365924
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion decNumber/decBasic.c
Expand Up @@ -2242,7 +2242,7 @@ decFloat * decFloatFMA(decFloat *result, const decFloat *dfl,
// all done except for the special IEEE 754 exact-zero-result
// rule (see above); while testing for zero, strip leading
// zeros (which will save decFinalize doing it)
for (; UBTOUI(lo->msd)==0 && lo->msd+3<lo->lsd;) lo->msd+=4;
for (; lo->msd+3<lo->lsd && UBTOUI(lo->msd)==0;) lo->msd+=4;
for (; *lo->msd==0 && lo->msd<lo->lsd;) lo->msd++;
if (*lo->msd==0) { // must be true zero (and diffsign)
lo->sign=0; // assume +
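Review bot: The byte-wise loop right after the changed line, `for (; *lo->msd==0 && lo->msd<lo->lsd;) lo->msd++;`, still dereferences before it checks the bound. It reads one byte and `lo->msd` never advances past `lo->lsd`, so it stays in bounds only as long as `lo->lsd` itself points inside the buffer; swapping the operands to `lo->msd<lo->lsd && *lo->msd==0` would match the corrected 4-byte loop and remove that dependency on the reader's reasoning. A short comment on the corrected loop stating that the bounds test must come first because `UBTOUI` reads 4 bytes would also help keep the ordering from being reverted, and a test case that runs this path under the sanitizer mentioned in the commit message would guard against regression.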