out of bounds read in DecompressRTF

[hannob]

The attached file causes an out of bounds read detectable with asan in the function DecompressRTF. ytnef-DecompressRTF.zip

Here's the address sanitizer error:

==8156==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61900000042b at pc 0x000000519cdc bp 0x7ffe04710870 sp 0x7ffe04710868
READ of size 1 at 0x61900000042b thread T0
    #0 0x519cdb in DecompressRTF /mnt/ram/ytnef/lib/ytnef.c:1548:31
    #1 0x51184b in MAPIPrint /mnt/ram/ytnef/lib/ytnef.c:1417:39
    #2 0x50a2cb in PrintTNEF /mnt/ram/ytnef/ytnefprint/main.c:169:5
    #3 0x509693 in main /mnt/ram/ytnef/ytnefprint/main.c:84:5
    #4 0x7f0b10c8c1e0 in __libc_start_main /var/tmp/portage/sys-libs/glibc-2.24-r1/work/glibc-2.24/csu/../csu/libc-start.c:289
    #5 0x419979 in _start (/mnt/ram/ytnef/ytnefprint/ytnefprint+0x419979)

0x61900000042b is located 0 bytes to the right of 939-byte region [0x619000000080,0x61900000042b)
allocated by thread T0 here:
    #0 0x4d05c0 in calloc (/mnt/ram/ytnef/ytnefprint/ytnefprint+0x4d05c0)
    #1 0x50f11d in TNEFFillMapi /mnt/ram/ytnef/lib/ytnef.c:513:26
    #2 0x50cb60 in TNEFMapiProperties /mnt/ram/ytnef/lib/ytnef.c:396:7
    #3 0x5161f4 in TNEFParseFile /mnt/ram/ytnef/lib/ytnef.c:1042:10
    #4 0x50965d in main /mnt/ram/ytnef/ytnefprint/main.c:80:9

[Yeraze]

I think this is already resolved by #32

[hannob]

No, I have tested it with latest git + pull req 32. (But I'm having some trouble reproducing it under certain conditions. Right now it only reproduces with clang, not with gcc.)

[Yeraze]

I'm running it with clang on my MAcbook, and can't trigger your error. I think there's still a potential bug here so I added a sanity check, see if it disappears for you.

[Yeraze]

Closing as part of 1.9.2 release.