(ITS#8301) signed/unsigned confusion in ber_get_next()

Full_Name: Ondřej Kuzník
Version: re24
OS: Linux i386
Submission from: (NULL) (

Hi, the following will assert in liblber on i386 (and it should be possible to
craft a similar one for 64bit, I think):

echo 'CoSSoJKSCg==' | base64 -d | ~/code/openldap/libraries/liblber/etest .

My first reaction was that it encodes a length that, while still not enough to
overflow the address space, will have the highest bit set and is interpreted as
negative when saved into to_go in io.c:658, triggering the assert. However
ber_get_next is more complex than that and I can't read BER yet.
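
The tag and length header of the input quoted in the report, decoded in an added example (not part of the original report and not liblber code). It shows the declared length as an unsigned 32-bit value, the same bits read as a signed 32-bit value, and a bounds check that refuses the length before use. The function names and the 1 MiB limit are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bytes produced by base64-decoding the input quoted in the report. */
static const unsigned char report_input[] = { 0x0a, 0x84, 0x92, 0xa0, 0x92, 0x92, 0x0a };

/* Parse a one-byte tag and a BER definite length (<= 4 octets); 0 on error. */
static size_t ber_header(const unsigned char *p, size_t n,
                         unsigned char *tag, uint32_t *len)
{
    if (n < 2 || (p[0] & 0x1f) == 0x1f)      /* multi-byte tags not handled */
        return 0;
    *tag = p[0];
    if (!(p[1] & 0x80)) {                    /* short form: 7-bit length */
        *len = p[1];
        return 2;
    }
    size_t k = p[1] & 0x7f;                  /* long form: k length octets */
    if (k == 0 || k > 4 || n < 2 + k)
        return 0;
    uint32_t v = 0;
    for (size_t i = 0; i < k; i++)
        v = (v << 8) | p[2 + i];
    *len = v;
    return 2 + k;
}

/* The same 32 bits read as a two's-complement signed 32-bit value. */
static int64_t as_signed32(uint32_t len)
{
    return len > (uint32_t)INT32_MAX ? (int64_t)len - 4294967296LL : (int64_t)len;
}

/* Defensive check: refuse a declared length above the caller's limit. */
static int length_ok(uint32_t len, uint32_t max_len)
{
    return max_len <= (uint32_t)INT32_MAX && len <= max_len;
}

int main(void)
{
    unsigned char tag = 0;
    uint32_t len = 0;
    size_t h = ber_header(report_input, sizeof report_input, &tag, &len);
    printf("header=%zu tag=0x%02x len=%lu as_signed32=%lld accepted=%d\n", h, tag,
           (unsigned long)len, (long long)as_signed32(len), length_ok(len, 1u << 20));
    return 0;
}
```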