[Date Prev][Date Next]
(ITS#8301) signed/unsigned confusion in ber_get_next()
Full_Name: Ond&#345;ej Kuzn.k
OS: Linux i386
Submission from: (NULL) (126.96.36.199)
Hi, the following will assert in liblber on i386 (and it should be possible to
craft a similar one for 64bit, I think):
echo 'CoSSoJKSCg==' | base64 -d | ~/code/openldap/libraries/liblber/etest .
My first reaction was that it encodes a length that, while still not enough to
overflow the address space, will have the highest bit set and is interpreted as
negative when saved into to_go in io.c:658, triggering the assert. However
ber_get_next is more complex than that and I can't read BER yet.