Stack corruption in reedSolomon::decode_rs #73
Comments
srcejon
added a commit
to srcejon/dab-cmdline
that referenced
this issue
Apr 21, 2021
Merged
|
That is a good one!
I'll have it fixed.
Btw, I was modifying some code in the library (and some of the example
programs), since I was somewhat unhappy with passing
individual functions through the who;e computing chain. Change will be
a (major) the dabInit and other functions take as parameter a struct
API_struct with as fields the various callback functions,
b (minor) I added a callback function that can be used to print the TII
data (major, minor)
On the todo list is a rewrite of example 5 (the one with keyboard "up" and
"down" through the list), where a simple message queui
is used to handle the result of the callbacks.
Op wo 21 apr. 2021 om 22:04 schreef srcejon ***@***.***>:
… Hi,
It looks like there is stack corruption in reedSolomon::decode_rs().
It has:
uint8_t omega [nroots];
Then calls computeOmega()
Which does:
omega [nroots] = codeLength;
omega [nroots] is beyond the end of the allocated array (which of course
only goes to nroots-1).
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#73>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ACCPHQDGKMQFQ75ZYGQNMCTTJ4VUTANCNFSM43LBMVFQ>
.
--
Jan van Katwijk
|
|
Great - note that in the MacOS patch you just merged. I'd increased the size of the array by 1 as a temporary workaround. |
|
yes I've seen that!
When I find some time I'll dive into the rs code (has been a long time)
Op do 22 apr. 2021 om 14:57 schreef srcejon ***@***.***>:
… Great - note that in the MacOS patch you just merged. I'd increased the
size of the array by 1 as a temporary workaround.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#73 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ACCPHQHFTTYBMMYTP6MKL4LTKAMLTANCNFSM43LBMVFQ>
.
--
Jan van Katwijk
|
|
Interesting is that in qt-dab the size was adapted, similar to the size of
lambda, also nroots+1
Op do 22 apr. 2021 om 15:13 schreef jan van katwijk ***@***.***
…:
yes I've seen that!
When I find some time I'll dive into the rs code (has been a long time)
Op do 22 apr. 2021 om 14:57 schreef srcejon ***@***.***>:
> Great - note that in the MacOS patch you just merged. I'd increased the
> size of the array by 1 as a temporary workaround.
>
> —
> You are receiving this because you commented.
> Reply to this email directly, view it on GitHub
> <#73 (comment)>,
> or unsubscribe
> <https://github.com/notifications/unsubscribe-auth/ACCPHQHFTTYBMMYTP6MKL4LTKAMLTANCNFSM43LBMVFQ>
> .
>
--
Jan van Katwijk
--
Jan van Katwijk
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
It looks like there is stack corruption in reedSolomon::decode_rs().
It has:
uint8_t omega [nroots];
Then calls computeOmega()
Which does:
omega [nroots] = codeLength;
omega [nroots] is beyond the end of the allocated array (which of course only goes to nroots-1).
The text was updated successfully, but these errors were encountered: