Closed muratbalaban43 closed 1 year ago
Nice find, a bit surprised the fuzzing didn't find this one. I would however like to do it by validating the sublength to make sure invalid data is not propagated back in the reply.
After getting the sublength, do a

    if (sublength >= (end - offset))
        break;

the maximum remaining sublength is end - (offset + 1)
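
The check suggested above, placed in a self-contained walk over length-prefixed substrings. This is an added example, not code from this thread or from the project. The names `parse_substrings` and `substring_t`, the sample bytes, and the layout (one length byte followed by that many payload bytes) are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical output type for this example. */
typedef struct {
    const uint8_t *data;
    size_t length;
} substring_t;

/* Constructed sample: "abc", "xy", then a length byte (200) that claims
 * more data than the single byte left in the record. */
static const uint8_t sample[] = {3, 'a', 'b', 'c', 2, 'x', 'y', 200, 'z'};

/* Walk length-prefixed substrings in buffer[offset, offset + length) and
 * return how many passed validation (at most capacity). */
size_t parse_substrings(const uint8_t *buffer, size_t size, size_t offset,
                        size_t length, substring_t *out, size_t capacity)
{
    size_t count = 0;
    if (offset > size)
        return 0;
    /* Clamp the record end to the buffer so (end - offset) cannot wrap. */
    size_t end = (length > size - offset) ? size : offset + length;

    while (offset < end && count < capacity) {
        size_t sublength = buffer[offset];
        /* offset still points at the length byte, so at most
         * end - (offset + 1) payload bytes remain. */
        if (sublength >= (end - offset))
            break;
        out[count].data = buffer + offset + 1;
        out[count].length = sublength;
        ++count;
        offset += 1 + sublength;
    }
    return count;
}

int main(void)
{
    substring_t subs[8];
    size_t n = parse_substrings(sample, sizeof sample, 0, sizeof sample, subs, 8);
    printf("%zu valid substrings\n", n);
    return 0;
}
```

Stopping at the first invalid length byte means only substrings that lie fully inside the record are handed back to the caller.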
Hi @mjansson, thanks for the suggestion. Just sent another commit upon your comment.
Thank you!
Suggestion to fix a possible heap overflow