[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#8301) signed/unsigned confusion in ber_get_next()

To: openldap-its@OpenLDAP.org
Subject: (ITS#8301) signed/unsigned confusion in ber_get_next()
From: ondra@mistotebe.net
Date: Thu, 05 Nov 2015 00:12:26 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

Full_Name: Ond&amp;#345;ej Kuzn.k
Version: re24
OS: Linux i386
URL: 
Submission from: (NULL) (86.166.135.137)


Hi, the following will assert in liblber on i386 (and it should be possible to
craft a similar one for 64bit, I think):

echo 'CoSSoJKSCg==' | base64 -d | ~/code/openldap/libraries/liblber/etest .

My first reaction was that it encodes a length that, while still not enough to
overflow the address space, will have the highest bit set and is interpreted as
negative when saved into to_go in io.c:658, triggering the assert. However
ber_get_next is more complex than that and I can't read BER yet.

Prev by Date: Re: (ITS#8300) LMDB mdb_cursor_del data loss
Next by Date: Re: (ITS#8301) signed/unsigned confusion in ber_get_next()
Index(es):
- Chronological
- Thread