bitfield-c's Issues

stack-buffer-overflow in copy_bits

When running make test with -fsanitize=address in CFLAGS and LDFLAGS, AddressSanitizer quickly finds a bug in copy_bits.

The issue seems to be the increment of source on line 72:

c = *source++ << bit_diff_left_shift;
c |= *source >> bit_diff_right_shift;

If source was already pointing at &source_origin[source_length - 1], then the read after the increment of source reads the next byte on the stack, out of bounds of the source array.

=== ASAN output below: ===

Running suite(s): bitfield
=================================================================
==166==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffd9e915501 at pc 0x55df99f5bde0 bp 0x7ffd9e915420 sp 0x7ffd9e915418
READ of size 1 at 0x7ffd9e915501 thread T0
    #0 0x55df99f5bddf in copy_bits src/bitfield/bitarray.c:73
    #1 0x55df99f5cb8d in set_nibble src/bitfield/bitfield.c:103
    #2 0x55df99f58b24 in test_set_nibble tests/bitfield_tests.c:18
    #3 0x7f0fcda1cdcf  (/lib64/libcheck.so.0+0x5dcf)
    #4 0x7f0fcda1d40d in srunner_run_tagged (/lib64/libcheck.so.0+0x640d)
    #5 0x55df99f5b68e in main tests/bitfield_tests.c:141
    #6 0x7f0fcd24f6a2 in __libc_start_main (/lib64/libc.so.6+0x236a2)
    #7 0x55df99f5866d in _start (/workspace/lib/bitfield-c/build/tests/bitfield_tests.bin+0x666d)

Address 0x7ffd9e915501 is located in stack of thread T0 at offset 33 in frame
    #0 0x55df99f5cac8 in set_nibble src/bitfield/bitfield.c:102

  This frame has 1 object(s):
    [32, 33) 'value' (line 101) <== Memory access at offset 33 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow src/bitfield/bitarray.c:73 in copy_bits
Shadow bytes around the buggy address:
  0x100033d1aa50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100033d1aa60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100033d1aa70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100033d1aa80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100033d1aa90: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
=>0x100033d1aaa0:[01]f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
  0x100033d1aab0: 00 00 f1 f1 f1 f1 04 f3 f3 f3 00 00 00 00 00 00
  0x100033d1aac0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100033d1aad0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100033d1aae0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100033d1aaf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==166==ABORTING
ERROR in test build/tests/bitfield_tests.bin:
$ gcc --version
gcc (GCC) 10.1.0
Copyright (C) 2020 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
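
The read pattern reported above, next to a bounds-checked form, as an added example that is not part of the original issue or of bitfield-c. `copy_bits_checked`, the demo functions and the two-byte `backing` array are constructed for illustration; the array stands in for a one-byte source so the stray read lands on a known neighbour byte rather than on a stack redzone.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Unguarded form, same shape as the two lines quoted in the issue: the second
 * dereference happens even when `source` points at the last byte. */
uint8_t shifted_byte_unguarded(const uint8_t *source, unsigned shift)
{
    uint8_t c = (uint8_t)(*source++ << shift);
    c |= (uint8_t)(*source >> (8 - shift));
    return c;
}

/* Guarded copy (hypothetical helper, not bitfield-c's API): copies bit_count
 * bits starting at bit_offset (bit 0 = MSB of src[0]) to the top of dst. */
bool copy_bits_checked(const uint8_t *src, size_t src_len, size_t bit_offset,
                       size_t bit_count, uint8_t *dst, size_t dst_len)
{
    size_t out_bytes = (bit_count + 7) / 8;
    if (bit_count == 0 || out_bytes > dst_len ||
        bit_offset > src_len * 8 || bit_count > src_len * 8 - bit_offset)
        return false;                       /* range must lie inside src */

    size_t index = bit_offset / 8;
    unsigned shift = (unsigned)(bit_offset % 8);
    for (size_t i = 0; i < out_bytes; i++, index++) {
        uint8_t c = (uint8_t)(src[index] << shift);
        /* Touch the following byte only if it exists inside the object. */
        if (shift != 0 && index + 1 < src_len)
            c |= (uint8_t)(src[index + 1] >> (8 - shift));
        dst[i] = c;
    }
    unsigned tail = (unsigned)(bit_count % 8);
    if (tail != 0)                          /* zero the unused low bits */
        dst[out_bytes - 1] &= (uint8_t)(0xFFu << (8 - tail));
    return true;
}

/* Constructed input: a 1-byte logical source inside a 2-byte backing array,
 * so the unguarded read lands on a known neighbour instead of a redzone. */
static const uint8_t backing[2] = { 0x0F, 0xAA };

uint8_t demo_unguarded(void) { return shifted_byte_unguarded(backing, 4); }

uint8_t demo_checked(void)
{
    uint8_t out = 0;
    return copy_bits_checked(backing, 1, 4, 4, &out, 1) ? out : 0xFF;
}
```

The unguarded result carries the high nibble of the neighbouring byte in its low bits; the checked copy of the same nibble does not, and a request that runs past the declared source length is refused.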

Bug in macro "PREPARE_FIRST_COPY"

Add test case in "test_set_bitfield":
.....
START_TEST (test_set_bitfield)
{
    uint8_t data[4] = {0};
    fail_unless(set_bitfield(0x12, 0, 8, data, sizeof(data)));
    fail_unless(set_bitfield(bitmask(3), 10, 3, data, sizeof(data)));
    ck_assert_int_eq(data[0], 0x12);
    ck_assert_int_eq(data[1], 0x38);
    // Add test case
    fail_unless(set_bitfield(0x1, 23, 1, data, sizeof(data)));
    ck_assert_int_eq(data[2], 0x1); // Should be 0x1
    fail_unless(set_bitfield(0x1, 21, 2, data, sizeof(data)));
    ck_assert_int_eq(data[2], 0x3); // Should be 0x3
}
END_TEST
.....
As above, when calling "set_bitfield(0x1, 21, 2, data, sizeof(data));", data[2] will be set to "0" by the macro "PREPARE_FIRST_COPY", and then the result will be 0x2. The test failed as follows:

90%: Checks: 10, Failures: 1, Errors: 0
tests/bitfield_tests.c:39:F:core:test_set_bitfield:0: Assertion 'data[2]==0x3' failed: data[2]==2, 0x3==3
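
A bit-at-a-time reference model for the expected values in the test case above, as an added example that is not part of the original issue or of bitfield-c. `ref_set_bits` and `replay_issue_sequence` are hypothetical names; the MSB-first bit numbering and `bitmask(3) == 0x7` are assumptions inferred from the expected bytes 0x38 and 0x1 in the test.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Reference model (hypothetical, not bitfield-c's code): writes the low
 * bit_count bits of value at bit offset `offset`, where bit 0 is the MSB of
 * data[0]. Each bit is merged with a mask, so neighbouring bits in the same
 * byte are never rewritten. */
bool ref_set_bits(uint64_t value, size_t offset, size_t bit_count,
                  uint8_t *data, size_t data_len)
{
    if (bit_count == 0 || bit_count > 64 ||
        offset > data_len * 8 || bit_count > data_len * 8 - offset)
        return false;                        /* field must fit in data */
    for (size_t i = 0; i < bit_count; i++) {
        size_t pos = offset + i;
        uint8_t mask = (uint8_t)(0x80u >> (pos % 8));
        if ((value >> (bit_count - 1 - i)) & 1u)
            data[pos / 8] |= mask;           /* set only this bit */
        else
            data[pos / 8] &= (uint8_t)~mask; /* clear only this bit */
    }
    return true;
}

/* Replays the four calls from the test case and copies the final bytes to
 * out[4]; returns false if any call is rejected. */
bool replay_issue_sequence(uint8_t out[4])
{
    uint8_t data[4] = {0};
    bool ok = ref_set_bits(0x12, 0, 8, data, sizeof(data))
           && ref_set_bits(0x7, 10, 3, data, sizeof(data))  /* bitmask(3), assumed 0x7 */
           && ref_set_bits(0x1, 23, 1, data, sizeof(data))
           && ref_set_bits(0x1, 21, 2, data, sizeof(data));
    for (size_t i = 0; i < 4; i++)
        out[i] = data[i];
    return ok;
}
```

A model like this is useful as a test oracle: run the same call sequence through the optimized routine and compare whole buffers, which catches any write that disturbs bits outside the requested field.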
