diff options
author | Jack Lloyd <[email protected]> | 2017-08-24 09:38:24 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2017-08-25 17:36:51 -0400 |
commit | 9ea5a37c46eee072faf1c1dff1e941fae24f86c4 (patch) | |
tree | 001493eeef0b3bda72f3f8703122f7328f8b3098 | |
parent | 3baa546d70bcd078b23be07069d755a5f130fb0f (diff) |
Add a guard to avoid doing &v[1] when v.size() == 1
Found by running the fuzzers over corpus with debug iterators.
-rw-r--r-- | src/lib/asn1/ber_dec.cpp | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/lib/asn1/ber_dec.cpp b/src/lib/asn1/ber_dec.cpp index bf728a8e8..67a2c9d8e 100644 --- a/src/lib/asn1/ber_dec.cpp +++ b/src/lib/asn1/ber_dec.cpp @@ -544,7 +544,9 @@ BER_Decoder& BER_Decoder::decode(secure_vector<uint8_t>& buffer, throw BER_Decoding_Error("Bad number of unused bits in BIT STRING"); buffer.resize(obj.value.size() - 1); - copy_mem(buffer.data(), &obj.value[1], obj.value.size() - 1); + + if(obj.value.size() > 1) + copy_mem(buffer.data(), &obj.value[1], obj.value.size() - 1); } return (*this); } @@ -569,7 +571,9 @@ BER_Decoder& BER_Decoder::decode(std::vector<uint8_t>& buffer, throw BER_Decoding_Error("Bad number of unused bits in BIT STRING"); buffer.resize(obj.value.size() - 1); - copy_mem(buffer.data(), &obj.value[1], obj.value.size() - 1); + + if(obj.value.size() > 1) + copy_mem(buffer.data(), &obj.value[1], obj.value.size() - 1); } return (*this); } |