Integer with 0 length raises an exception

[emillon]

Hi,

I'm using asn1-combinators to parse ECDSA signatures. The grammar is a sequence of two integers, ie sequence2 (required integer) (required integer).

Parsing the following byte string from project wycheproof causes an exception:

https://github.com/google/wycheproof/blob/c313761979d74b0417230eddd0f87d0cfab2b46b/testvectors/ecdsa_secp256r1_sha256_test.json#L943-L950

"invalid bounds in Cstruct.get_uint8 [4,0](39) off=0 len=1"

I expected a decode error to be returned (as Error _).

This can be reduced to the fact that parsing "02 00" as an integer raises the same error.

(interestingly, asn1js parses it as 0 in the structure, but returns an error when trying to parse 02 00 by itself)

Thanks!

[pqwy]

Thank you for the report!

I'm actually busily working on this. The fix itself is trivial (length field itself is not length checked here), but instead of playing whack-a-mole with individual fixes, I'm trying to get randomized testing to the point where it can actually recognize this as a bug.

I'm very happy you're running this over wycheproof corpus. Sadly, it is geared towards crypto primitives and uses relatively simple ASN grammars necessary for that. If there is a hand-curated corpus of more general ASN tests, especially negative tests, I would be ecstatic to know about it.

[pqwy]

Ok, this is handled here.

[hannesm]

thanks, this is fixed in 0.2.1 PRed to opam repository. closing.