libxtables: fix two off-by-one memory corruption bugs

The LSB of xtables_pending_matches was overwritten with zero
that lead to segmentation fault. But simply adding an additional variable
in the code or changing compilation options modified the behaviour so that no
segmentation fault happens so it is rather subtle.

(1) memset(p + (bits / 8) + 1, 0, (128 - bits) / 8);
In case of bits % 8 == 0 we write the byte behind *p

(2) p[bits/8] = 0xff << (8 - (bits & 7));
In case of bits == 128 we write the byte behind *p

Closes bug 943.

Signed-off-by: Florian Westphal <fw@strlen.de>

0 files changed, 0 insertions, 0 deletions