aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2017-08-24 09:38:24 -0400
committerJack Lloyd <[email protected]>2017-08-25 17:36:51 -0400
commit9ea5a37c46eee072faf1c1dff1e941fae24f86c4 (patch)
tree001493eeef0b3bda72f3f8703122f7328f8b3098
parent3baa546d70bcd078b23be07069d755a5f130fb0f (diff)
Add a guard to avoid doing &v[1] when v.size() == 1
Found by running the fuzzers over corpus with debug iterators.
-rw-r--r--src/lib/asn1/ber_dec.cpp8
1 files changed, 6 insertions, 2 deletions
diff --git a/src/lib/asn1/ber_dec.cpp b/src/lib/asn1/ber_dec.cpp
index bf728a8e8..67a2c9d8e 100644
--- a/src/lib/asn1/ber_dec.cpp
+++ b/src/lib/asn1/ber_dec.cpp
@@ -544,7 +544,9 @@ BER_Decoder& BER_Decoder::decode(secure_vector<uint8_t>& buffer,
throw BER_Decoding_Error("Bad number of unused bits in BIT STRING");
buffer.resize(obj.value.size() - 1);
- copy_mem(buffer.data(), &obj.value[1], obj.value.size() - 1);
+
+ if(obj.value.size() > 1)
+ copy_mem(buffer.data(), &obj.value[1], obj.value.size() - 1);
}
return (*this);
}
@@ -569,7 +571,9 @@ BER_Decoder& BER_Decoder::decode(std::vector<uint8_t>& buffer,
throw BER_Decoding_Error("Bad number of unused bits in BIT STRING");
buffer.resize(obj.value.size() - 1);
- copy_mem(buffer.data(), &obj.value[1], obj.value.size() - 1);
+
+ if(obj.value.size() > 1)
+ copy_mem(buffer.data(), &obj.value[1], obj.value.size() - 1);
}
return (*this);
}