jglim
commented
2 years ago The library is built without /unsafe so it automatically includes runtime bounds checking that is provided by .net. In the case of a malformed file that leads to this issue, the runtime will make angry noises and exit without memory corruption or losing control flow.
For now, I can't replicate this as I do not have a copy of CPC301T.CBF. I will not be making any changes, but will keep an eye out for this particular case.
Thanks for looking out for this project ^^
N0cynym
Hey!
As you know, my own CBFParser shares a lot of similar code with CaesarSuite.
However, as CBFParser is built in Rust and not C#, I thought I would alert you to a potential bug (Not tested in Caesarsuite), which trips Rusts debug build underflow detection. The code in question is shared between CBFParser and CaesarSuite.
Parsing CPC301T.CBF panics like so:
This panic is caused by this line: https://github.com/rnd-ash/OpenVehicleDiag/blob/egui_ecu_diag/CBFParser/src/diag/preparation.rs#L139
So essentially,
byte_count & 0xFFis somehow smaller thanbit_pos, which triggers the underflow detection, breaking the parser.I noticed that CaesarSuite shares almost identical code here: https://github.com/jglim/CaesarSuite/blob/main/Caesar/Caesar/DiagPreparation.cs#L246
So I've raised this issue here in case this is something that CaesarSuite does not handle correctly and instead continues silently (I don't program in C# so not sure if it has a similar Over/underflow detection system :) )