Hi,

Attached is a malformed ASN.1 definition that causes a segfault in libtasn1.

To test:

    asn1Decoding segf.asn x x

Address Sanitizer trace:

    ==472==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fe4db0d256a sp 0x7fffe42ef2a8 bp 0x7fffe42ef2e0 T0)
        #0 0x7fe4db0d2569 in strlen (/lib64/libc.so.6+0x82569)
        #1 0x7fe4db41dcb5 in strlen (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.2/libasan.so.1+0x32cb5)
        #2 0x43df3c in _asn1_expand_object_id /tmp/libtasn1-4.2/lib/parser_aux.c:704
        #3 0x4123f8 in asn1_parser2tree /tmp/libtasn1-4.2/lib/ASN1.y:704
        #4 0x403183 in main /tmp/libtasn1-4.2/src/asn1Decoding.c:142
        #5 0x7fe4db06ff9f in __libc_start_main (/lib64/libc.so.6+0x1ff9f)
        #6 0x4049f1 (/tmp/libtasn1-4.2/src/asn1Decoding+0x4049f1)

Please note: this is only in the ASN.1 definition parser, not in the ASN.1 parser itself, so the impact is probably minor. Still, it should probably be fixed.

Found with the help of american fuzzy lop.

cu,
-- 
Hanno Böck
http://hboeck.de/
mail/jabber: [email protected]
GPG: BBB51E42
Attachment: segf.asn (binary data)
