In some places of MAM trits_from_str is used to convert from trytes string to trits (see eg. https://github.com/iotaledger/entangled/blob/develop/mam/psk/psk.c#L23). This function returns bool which is not checked, this might lead to UB (in case string contains bad characters or too short).
In other places mam_api_channel_get is used which is unsafe in case string contains bad characters.
Problem
In some places of MAM
trits_from_stris used to convert from trytes string to trits (see eg. https://github.com/iotaledger/entangled/blob/develop/mam/psk/psk.c#L23). This function returnsboolwhich is not checked, this might lead to UB (in case string contains bad characters or too short).In other places
mam_api_channel_getis used which is unsafe in case string contains bad characters.Solution
trits_from_str;