I've been fuzzing this library (with go-fuzz) to catch some inevitable errors, just came across one.
Fixes a panic in readBlob when blobLen is less than 0. The panic can be triggered with an invalid packet that contains an OSC-blob with a less than zero value. However I determined that logically a length of zero is also invalid, so I've set the check to require a minimum of 1.
Additionally, I'm checking to make sure that blobLen is actually fits within the read packet.
hypebeast
commented
3 years ago
I've been fuzzing this library (with go-fuzz) to catch some inevitable errors, just came across one.
Fixes a panic in
readBlobwhenblobLenis less than 0. The panic can be triggered with an invalid packet that contains anOSC-blobwith a less than zero value. However I determined that logically a length of zero is also invalid, so I've set the check to require a minimum of 1.Additionally, I'm checking to make sure that
blobLenis actually fits within the read packet.