encryptogroup / OTExtension

C++ OT extension implementation
GNU Lesser General Public License v3.0

Buffer Overflow in CBitVector::Get<T>() #7

Closed lenerd closed 7 years ago

lenerd commented 7 years ago

This function template

template<class T> T Get(int pos, int len) {
    T val = 0;
    // no check that len <= 8 * sizeof(T): GetBits writes ceil(len/8) bytes into &val
    GetBits((BYTE*) &val, pos, len);
    return val;
}

is vulnerable to a buffer overflow on the stack. If len is larger than the size of T in bits, GetBits will overflow the local variable.

This happens for example in the test cases with 191 bits. The template is instantiated as Get<uint64_t>(...) here:

tmpret64 = vRcvX[k].Get<uint64_t>(i * m_nBitLength, m_nBitLength);

MichaelZohner commented 7 years ago

Thanks for pointing this out. I added assertions to the CBitVector class that check for length boundary and changed the test output to binary.
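A minimal stand-in for CBitVector, added here to illustrate the length check this issue asks for (example code, not OTExtension's own; the MiniBitVector class, GetIsRejected helper and LSB-first bit layout are assumptions). Get<T> refuses any len larger than the width of T, so the 191-bit request from the test cases is rejected instead of writing past the local variable.

```cpp
#include <cstdint>
#include <cstring>
#include <stdexcept>
#include <vector>

using BYTE = uint8_t;

// Hypothetical stand-in for CBitVector, only what the check needs.
class MiniBitVector {
public:
    explicit MiniBitVector(size_t nbits) : bits_((nbits + 7) / 8, 0) {}

    void SetBit(size_t pos, bool b) {
        if (pos / 8 >= bits_.size()) throw std::out_of_range("SetBit: pos");
        if (b) bits_[pos / 8] |= static_cast<BYTE>(1u << (pos % 8));
        else   bits_[pos / 8] &= static_cast<BYTE>(~(1u << (pos % 8)));
    }
    bool GetBit(size_t pos) const {
        if (pos / 8 >= bits_.size()) throw std::out_of_range("GetBit: pos");
        return (bits_[pos / 8] >> (pos % 8)) & 1u;
    }

    // Copies len bits starting at pos into p, LSB-first within each byte.
    // p must hold ceil(len/8) bytes; that is the contract Get<T> has to enforce.
    void GetBits(BYTE* p, size_t pos, size_t len) const {
        std::memset(p, 0, (len + 7) / 8);
        for (size_t i = 0; i < len; ++i)
            if (GetBit(pos + i)) p[i / 8] |= static_cast<BYTE>(1u << (i % 8));
    }

    // Hardened form of the Get<T> from the issue: reject a len that does not
    // fit in T before GetBits can overflow the stack variable. The byte
    // reinterpretation mirrors the original and assumes a little-endian host.
    template<class T> T Get(size_t pos, size_t len) const {
        if (len > 8 * sizeof(T))
            throw std::length_error("Get<T>: len exceeds the width of T");
        T val = 0;
        GetBits(reinterpret_cast<BYTE*>(&val), pos, len);
        return val;
    }

private:
    std::vector<BYTE> bits_;
};

// True when Get<T> rejects the request instead of overflowing.
template<class T> bool GetIsRejected(const MiniBitVector& v, size_t pos, size_t len) {
    try { (void)v.Get<T>(pos, len); return false; }
    catch (const std::length_error&) { return true; }
}
```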