From f47e351ceeff1555aa7da55386e767a5fbd7e66e Mon Sep 17 00:00:00 2001 From: Simon Tatham Date: Sun, 21 Feb 2021 09:23:43 +0000 Subject: [PATCH] Fix embarrassing goof in memxor at low sizes. Ahem. Called with size < 16, that could have underrun the internal counter and looped over all of memory. Fortunately I've so far only used it for 1024 bytes at a time! --- utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils.c b/utils.c index 6f7e69a7..3f0cf20e 100644 --- a/utils.c +++ b/utils.c @@ -1079,6 +1079,7 @@ void memxor(uint8_t *out, const uint8_t *in1, const uint8_t *in2, size_t size) switch (size & 15) { case 0: while (size >= 16) { + size -= 16; *out++ = *in1++ ^ *in2++; case 15: *out++ = *in1++ ^ *in2++; case 14: *out++ = *in1++ ^ *in2++; @@ -1095,7 +1096,6 @@ void memxor(uint8_t *out, const uint8_t *in1, const uint8_t *in2, size_t size) case 3: *out++ = *in1++ ^ *in2++; case 2: *out++ = *in1++ ^ *in2++; case 1: *out++ = *in1++ ^ *in2++; - size -= 16; } } }