Two crashes were detected when parsing corrupted input files (see samples/crash*.dump). These were fixed by checking the input buffer size before parsing the TLV header and copying the content to the result buffer.
The first patch contains a minor fix for the "expected size" output in the error messages which was helpful when creating the malicious samples.
The crashes can be experienced when running the following test after merging #9 + copying the samples/crash*.dump files from this pull request:
make clean && TESTRUN_WRAPPER='valgrind -q --error-exitcode=126 --track-origins=yes --leak-check=full' CFLAGS="-O1 -g3" make test
This test would also be run automatically by Travis CI after merging #9.
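An added illustration of the two checks the description names (input size before reading the TLV header, and sizes before copying into the result buffer); it is not code from this pull request or the project. The TLV layout (1-byte type, 2-byte big-endian length), the function `tlv_read`, the status codes and the sample bytes are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed layout (not the project's): type (1 byte), length (2 bytes, BE), value. */
#define TLV_HDR_LEN 3u

enum tlv_status { TLV_OK = 0, TLV_ERR_HEADER = -1, TLV_ERR_VALUE = -2, TLV_ERR_DEST = -3 };

struct tlv {
    uint8_t type;
    size_t  len;      /* value bytes copied to the result buffer */
    size_t  consumed; /* header + value bytes used from the input */
};

/* Parse one TLV from in[0..in_len) and copy its value into out[0..out_cap). */
int tlv_read(const uint8_t *in, size_t in_len,
             uint8_t *out, size_t out_cap, struct tlv *res)
{
    /* Check 1: the header must fit before any header byte is read. */
    if (in_len < TLV_HDR_LEN)
        return TLV_ERR_HEADER;

    size_t vlen = ((size_t)in[1] << 8) | in[2];

    /* Check 2: the declared length must fit in the rest of the input.
     * Comparing against the remainder avoids an offset addition that could wrap. */
    if (vlen > in_len - TLV_HDR_LEN)
        return TLV_ERR_VALUE;

    /* Check 3: the value must fit in the result buffer. */
    if (vlen > out_cap)
        return TLV_ERR_DEST;

    if (vlen > 0)
        memcpy(out, in + TLV_HDR_LEN, vlen);
    res->type = in[0];
    res->len = vlen;
    res->consumed = TLV_HDR_LEN + vlen;
    return TLV_OK;
}

/* Constructed samples, not the PR's samples/crash*.dump files. */
const uint8_t sample_ok[]        = { 0x01, 0x00, 0x02, 0xAA, 0xBB };
const uint8_t sample_short_hdr[] = { 0x01, 0x00 };             /* truncated header */
const uint8_t sample_overlong[]  = { 0x01, 0x00, 0x10, 0xAA }; /* claims 16, has 1 */
```

Each rejected sample returns a distinct status, which makes it easy to assert in a test run that a corrupted file is refused for the expected reason.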