Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

heap-buffer overread of 1 byte caused by off-by-one error in COBS encoder #10

Closed
dende opened this issue Jun 3, 2020 · 1 comment
Closed

Comments

@dende
Copy link
Contributor

dende commented Jun 3, 2020

While setting up fuzz testing for some parts of outpost-core, I stumbled upon a bug in the cobs encoder algorithm.

Our fuzzer found a buffer overread of size one in the while loop starting in line 118.

During the loops, the position variable will be increased up to mLength which is the size of the input data. On the last iteration, position will be at mLength, meaning that in the case of an input array mData with length n, mData[n] will be read, which does not belong to the buffer.

I will create a pull request with a fix in a second.

Best regards,
Christian Hartlage
Security Engineer @code-intelligence-gmbh

@dende
Copy link
Contributor Author

dende commented Jul 20, 2020

thanks for merging!

closed by #11

@dende dende closed this as completed Jul 20, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant