Skip to content

Access beyond variable bounds #49

Open
Open
Access beyond variable bounds#49
@jaimefrites

Description

@jaimefrites
jaimefrites
opened on Feb 5, 2020

Hi! Looks like BIT_TEST_SEARCH tests bit beyond prefix.add in the macro. Because nobe->bit can be 128 for IPv6 (or 32 for IPv4), but valid index range for prefix.add is [0, 127] (or [0, 31]).

#define RADIX_SEARCH_FOREACH_INCLUSIVE(node, head, prefix) \
        for ((node) = (head); \
             (node) != NULL && (node)->bit <= (prefix)->bitlen; \
             (node) = BIT_TEST_SEARCH(prefix_touchar(prefix), node) ? (node)->r : (node)->l)

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions