buffer overrun in mii_disk.c #24

@jawaidbazyar2

Description

Hi, I was testing this code in another program:

```c
/* data: assumed to be the 256-byte sector being encoded (declared in the enclosing function) */
uint8_t nibbles[0x156] = {};
const unsigned ptr2 = 0;
const unsigned ptr6 = 0x56;

int i2 = 0x55;
for (int i6 = 0x101; i6 >= 0; --i6) {
	uint8_t val6 = data[i6 % 0x100];
	uint8_t val2 = nibbles[ptr2 + i2];
	val2 = (val2 << 1) | (val6 & 1); val6 >>= 1;
	val2 = (val2 << 1) | (val6 & 1); val6 >>= 1;
	nibbles[ptr6 + i6] = val6;   /* index reaches 0x56 + 0x101 = 0x157 on the first iteration */
	nibbles[ptr2 + i2] = val2;
	if (--i2 < 0)
		i2 = 0x55;
}
```

The buffer nibbles (0x156) is not large enough, as you are accessing in the first loop with index:

ptr6 (value 0x56) plus i6 (value 0x101 first time through loop) == index 0x157; that is two bytes more than you have allocated.
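A small check harness, added here and not part of the reporter's snippet or the mii project, that re-runs the reported loop with every write routed through a bounds check, so out-of-range indices are counted instead of silently corrupting adjacent memory. It assumes `data` is the 256-byte sector the loop encodes (referenced but not declared in the snippet) and lets the caller pass the nibble buffer size under test.

```c
#include <stdint.h>
#include <stddef.h>

#define NIBBLE_BUF_SIZE 0x156   /* the allocation size from the report */

/* Outcome of a dry run: highest index written and count of out-of-range writes. */
struct bounds_report {
    size_t max_index;  /* highest nibbles[] index the loop tried to write */
    size_t overrun;    /* writes that fell at or past buf_size (0 means none) */
};

/* Store through a bounds check; an out-of-range write is counted, not performed. */
static void checked_store(uint8_t *buf, size_t buf_size, size_t idx, uint8_t v,
                          struct bounds_report *r)
{
    if (idx > r->max_index)
        r->max_index = idx;
    if (idx >= buf_size) {
        r->overrun++;
        return;
    }
    buf[idx] = v;
}

/* Runs the loop from the issue unchanged except that every write goes
   through checked_store(). data is the 256-byte sector the loop encodes;
   buf_size is the nibble buffer size under test (clamped to 0x200 here). */
struct bounds_report check_prenibble_bounds(const uint8_t data[256], size_t buf_size)
{
    uint8_t nibbles[0x200] = {0};   /* scratch large enough for any buf_size <= 0x200 */
    struct bounds_report r = {0, 0};
    const unsigned ptr2 = 0;
    const unsigned ptr6 = 0x56;
    int i2 = 0x55;

    if (buf_size > sizeof nibbles)
        buf_size = sizeof nibbles;

    for (int i6 = 0x101; i6 >= 0; --i6) {
        uint8_t val6 = data[i6 % 0x100];
        uint8_t val2 = nibbles[ptr2 + i2];   /* read index is at most 0x55, always in range */
        val2 = (val2 << 1) | (val6 & 1); val6 >>= 1;
        val2 = (val2 << 1) | (val6 & 1); val6 >>= 1;
        checked_store(nibbles, buf_size, ptr6 + i6, val6, &r);  /* up to 0x56 + 0x101 = 0x157 */
        checked_store(nibbles, buf_size, ptr2 + i2, val2, &r);
        if (--i2 < 0)
            i2 = 0x55;
    }
    return r;
}
```

With the 0x156 buffer from the report the harness records a highest index of 0x157 and two out-of-range writes (indices 0x156 and 0x157), matching the reporter's arithmetic.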
