Thank you for that. Would you like to send a merge request with a fix and a reproducer?
regards,
Nikos

On Sun, Dec 9, 2018 at 10:20 PM Terry Jones <[email protected]> wrote:
> Found a bug in the parser for Gnu libtasn1-4.9, they in the case of making
> the tokens and by that adding a "-" to the string go over the length of
> their buffer. So the problem is using a sizeof on the buffer size and
> making the buffer too short. Looks like two problems, this way the problem
> creeps as you grow the buffer to add room for the "-":
>
> GNU C17 (GCC) version 8.2.0 (x86_64-pc-linux-gnu)
> compiled by GNU C version 8.2.0, GMP version 6.1.2, MPFR version
> 4.0.1, MPC version 1.1.0, isl version none
> GGC heuristics: --param ggc-min-expand=100 --param ggc-min-heapsize=131072
> Compiler executable checksum: 81f798d4ff0871f00b0a4f3f1296b20a
> ASN1.c: In function '_asn1_yyparse':
> ASN1.y:164:47: error: 'snprintf' output may be truncated before the last
> format character [-Werror=format-truncation=]
> | '-' NUM {snprintf($$,sizeof($$),"-%s",$2);}
> ^~~~~
> ASN1.y:164:6: note: 'snprintf' output between 2 and 66 bytes into a
> destination of size 65
> | '-' NUM {snprintf($$,sizeof($$),"-%s",$2);}
> ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> ASN1.y:152:47: error: 'snprintf' output may be truncated before the last
> format character [-Werror=format-truncation=]
> neg_num : '-' NUM {snprintf($$,sizeof($$),"-%s",$2);}
> ^~~~~
> ASN1.y:152:6: note: 'snprintf' output between 2 and 66 bytes into a
> destination of size 65
> neg_num : '-' NUM {snprintf($$,sizeof($$),"-%s",$2);}
> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> cc1: all warnings being treated as errors
> Makefile:1112: recipe for target 'ASN1.lo' failed
>
> This looks to be more than just a warning, since it looks like the buffer
> is being over extended.
>
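The case the GCC note describes ("between 2 and 66 bytes into a destination of size 65"), as an added example that is not part of this thread or of libtasn1's code: it formats "-<num>" with the same size-bounded `snprintf` call and checks the return value to detect a dropped digit. The 65-byte size comes from the diagnostic; `TOKEN_SIZE`, `format_neg_num`, `worst_case_stays_in_bounds` and the guard bytes are hypothetical names introduced for illustration.

```c
#include <stdio.h>
#include <string.h>

#define TOKEN_SIZE 65  /* destination size reported in the GCC note */

/* Hypothetical helper (not libtasn1 code): write "-<num>" into a token
 * buffer. Returns 0 if the whole string fit, -1 if it was truncated. */
static int format_neg_num(char dst[TOKEN_SIZE], const char *num)
{
    /* snprintf never writes more than TOKEN_SIZE bytes, NUL included,
     * and returns the length it would have needed, excluding the NUL. */
    int n = snprintf(dst, TOKEN_SIZE, "-%s", num);
    if (n < 0 || (size_t)n >= TOKEN_SIZE)
        return -1;
    return 0;
}

/* Constructed worst case: a 64-digit number, which needs 66 bytes.
 * Guard bytes sit directly after the token so an out-of-bounds write
 * would be visible. Returns 1 if the guard is intact, the call reported
 * truncation, and the stored token is 64 characters long. */
static int worst_case_stays_in_bounds(void)
{
    struct { char tok[TOKEN_SIZE]; unsigned char guard[8]; } s;
    char num[TOKEN_SIZE];

    memset(num, '9', sizeof num - 1);      /* 64 digits */
    num[sizeof num - 1] = '\0';
    memset(s.guard, 0xA5, sizeof s.guard);

    int rc = format_neg_num(s.tok, num);

    for (size_t i = 0; i < sizeof s.guard; i++)
        if (s.guard[i] != 0xA5)
            return 0;                       /* write past the buffer */
    return rc == -1 && s.tok[0] == '-' && strlen(s.tok) == TOKEN_SIZE - 1;
}

int main(void)
{
    char tok[TOKEN_SIZE];
    int rc = format_neg_num(tok, "42");
    printf("short number: rc=%d token=%s\n", rc, tok);
    printf("64-digit number handled in bounds: %d\n",
           worst_case_stays_in_bounds());
    return 0;
}
```

A parser that must not accept a silently shortened number can treat the `-1` return as a syntax error for that token.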
