fix out of bounds read in zlsb() - libzahl

diff options

author	Valentina Demiciseaux <vallyyyyy@proton.me>	2026-02-14 23:46:26 +0000
committer	Mattias Andrée <m@maandree.se>	2026-02-15 01:47:02 +0100
commit	0121293f8de339d2c6d26da63a92f79cfff1b871 (patch)
tree	46256745396190d435ae980eef6e18289eaddea8 /man/zsplit.3
parent	Use ar(1)'s s-flag instead of invoking ranlib(1) (diff)
download	libzahl-0121293f8de339d2c6d26da63a92f79cfff1b871.tar.gz libzahl-0121293f8de339d2c6d26da63a92f79cfff1b871.tar.bz2 libzahl-0121293f8de339d2c6d26da63a92f79cfff1b871.tar.xz

fix out of bounds read in zlsb()

prev scales i from num chars -> num bits, then indexes with it, causing a page fault or reading garbage. scale i after the read instead. here is a reproducer #include <stdio.h> #include "libzahl/zahl.h" int main(void) { z_t x; zinit(x); zsetu(x, 1); zlsh(x, x, 2097153); printf("used chars: expect 32769, have %lu\n", x->used); size_t tz = zlsb(x); printf("tz: expect 2097153, have %lu\n", tz); }

Diffstat (limited to 'man/zsplit.3')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: