-
Committer:
Adam Jackson
-
Author(s):
Jonathan Kew
-
Date:
2021-05-07 13:37:28 UTC
-
Revision ID:
git-v1:e93eaff517567518696cac21203bbc5efdfee426
Avoid out-of-bounds read when accessing individual bytes from mask.
The important changes here are a handful of places where we replace
memcpy(&m, mask++, sizeof(uint32_t));
or similar code with
uint8_t m = *mask++;
because we're only supposed to be reading a single byte from *mask,
and accessing a 32-bit value may read out of bounds (besides that
it reads values we don't actually want; whether this matters would
depend exactly how the value in m is subsequently used).
I've also changed a bunch of other places to use this same pattern
(a local 8-bit variable) when reading individual bytes from the mask;
the code was inconsistent about this, sometimes casting the byte to
a uint32_t instead. This makes no actual difference, it just seemed
better to use a consistent pattern throughout the file.