introduced bounds checking functions and macro

Author: joe-saronic

src/rcv/adnav.c

@@ -45,12 +45,44 @@
 #define TRKS_SNR         0x20              /* SNR valid */
 
 /* get fields (little-endian) ------------------------------------------------*/
-#define U1(p) (*((uint8_t *)(p)))
-#define I1(p) (*((int8_t  *)(p)))
-static uint16_t U2(uint8_t *p) {uint16_t u; memcpy(&u,p,2); return u;}
-static uint32_t U4(uint8_t *p) {uint32_t u; memcpy(&u,p,4); return u;}
-static float    R4(uint8_t *p) {float    r; memcpy(&r,p,4); return r;}
-static double   R8(uint8_t *p) {double   r; memcpy(&r,p,8); return r;}
+static uint8_t U1(const raw_t *raw, size_t index) {
+  RTKBOUNDSCHECK(raw->buff, sizeof(raw->buff), index);
+  RTKBOUNDSCHECK(raw->buff, raw->len, index);
+  return raw->buff[index];
+}
+static int8_t I1(const raw_t *raw, size_t index) {
+  RTKBOUNDSCHECK(raw->buff, sizeof(raw->buff), index);
+  RTKBOUNDSCHECK(raw->buff, raw->len, index);
+  return (int8_t)raw->buff[index];
+}
+static uint16_t U2(const raw_t *raw, size_t index) {
+  RTKBOUNDSCHECK(raw->buff, sizeof(raw->buff), index + 1);
+  RTKBOUNDSCHECK(raw->buff, raw->len, index + 1);
+  uint16_t u;
+  memcpy(&u, raw->buff + index, 2);
+  return u;
+}
+static uint32_t U4(const raw_t *raw, size_t index) {
+  RTKBOUNDSCHECK(raw->buff, sizeof(raw->buff), index + 3);
+  RTKBOUNDSCHECK(raw->buff, raw->len, index + 3);
+  uint32_t u;
+  memcpy(&u, raw->buff + index, 4);
+  return u;
+}
+static float R4(const raw_t *raw, size_t index) {
+  RTKBOUNDSCHECK(raw->buff, sizeof(raw->buff), index + 3);
+  RTKBOUNDSCHECK(raw->buff, raw->len, index + 3);
+  float r;
+  memcpy(&r, raw->buff + index, 4);
+  return r;
+}
+static double R8(const raw_t *raw, size_t index) {
+  RTKBOUNDSCHECK(raw->buff, sizeof(raw->buff), index + 7);
+  RTKBOUNDSCHECK(raw->buff, raw->len, index + 7);
+  double r;
+  memcpy(&r, raw->buff + index, 8);
+  return r;
+}
 
 /* receiver state ------------------------------------------------------------*/
 typedef struct {

src/rtkcmn.c

@@ -390,6 +390,24 @@ extern void add_fatal(fatalfunc_t *func)
 {
     fatalfunc=func;
 }
+/* check indices within bounds -------------------------------------------------
+* Check that the index is within the buffer, generating a fatal error if not.
+* See the macro RTKBOUNDSCHECK()
+* args   : const char *func  I  name of caller performing check
+*          int         line  I  line number
+*          const void *buff  I  buffer to check against
+*          size_t      size  I  size of the buffer in bytes
+*          size_t      index I  index to check; when checking against a byte
+*                               size, this is the index of the last byte to
+*                               be accessed
+*-----------------------------------------------------------------------------*/
+extern void rtkboundscheck(const char *func, int line, const void *buff, size_t size, size_t index) {
+  if (index >= size) {
+    fatalerr("rtk out of bound in %s line %d for buffer %p of size %zu at index %zu\n",
+             func, line, buff, size, index);
+  }
+}
+
 /* satellite system+prn/slot number to satellite number ------------------------
 * convert satellite system+prn/slot number to satellite number
 * args   : int    sys       I   satellite system (SYS_GPS,SYS_GLO,...)

src/rtklib.h

@@ -1560,6 +1560,10 @@ EXPORT void traceb_impl   (int level, const uint8_t *p, int n);
 
 #endif /* TRACE */
 
+/* correctness utility function ----------------------------------------------*/
+#define RTKBOUNDSCHECK(buff, size, index) rtkboundscheck(__func__, __LINE__, buff, size, index);
+EXPORT void rtkboundscheck(const char *func, int line, const void *buff, size_t size, size_t index);
+
 /* platform dependent functions ----------------------------------------------*/
 EXPORT int execcmd(const char *cmd);
 EXPORT int expath (const char *path, char *paths[], int nmax);