single_manchester() considers both i and i+1, but the loop only
tests that i is in bounds. This causes undefined behavior, including
but not limited to a SIGBUS-related crash on Mac OS X.
---
 src/rtl_adsb.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/rtl_adsb.c b/src/rtl_adsb.c
index 44b62e2..3c353a0 100644
--- a/src/rtl_adsb.c
+++ b/src/rtl_adsb.c
@@ -258,6 +258,7 @@ void manchester(uint16_t *buf, int len)
        uint16_t a=0, b=0;
        uint16_t bit;
        int i, i2, start, errors;
+       int maximum_i = len - 1;        // len-1 since we look at i and i+1
        // todo, allow wrap across buffers
        i = 0;
        while (i < len) {
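Review bot: The outer `while (i < len)` on the last line of this hunk keeps the old bound, while the decode loop in the second hunk now stops at `i < maximum_i`, so once `i` reaches `len - 1` the inner loop makes no progress. The code between and after the two hunks is not visible here, so this needs checking against the full function: if nothing else advances `i` in that state, the out-of-bounds read would be traded for an outer loop that never terminates on that buffer. Using the same bound in both places, `while (i < maximum_i) {`, would keep the loops consistent. The body of manchester() starts before this hunk and continues past the second one.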
@@ -275,7 +276,7 @@ void manchester(uint16_t *buf, int len)
                i2 = start = i;
                errors = 0;
                /* mark bits until encoding breaks */
-               for ( ; i < len; i+=2, i2++) {
+               for ( ; i < maximum_i; i+=2, i2++) {
                        bit = single_manchester(a, b, buf[i], buf[i+1]);
                        a = buf[i];
                        b = buf[i+1];
-- 
1.8.3.4
