From c14455b2d72e248190e8f13810e0aa25a36166af Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Fri, 13 Jan 2017 11:56:51 +0100 Subject: _asn1_ltostr: ensure that input value will always be printed That is, use an unsigned type to store the output of the negation (in case the input is negative). This addresses the issue found in PKCS#7 decoding: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=388 Signed-off-by: Nikos Mavrogiannopoulos --- lib/parser_aux.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/lib/parser_aux.c b/lib/parser_aux.c index cfd76e0..7313eeb 100644 --- a/lib/parser_aux.c +++ b/lib/parser_aux.c @@ -551,29 +551,33 @@ _asn1_delete_list_and_nodes (void) char * _asn1_ltostr (int64_t v, char str[LTOSTR_MAX_SIZE]) { - int64_t d, r; + uint64_t d, r; char temp[LTOSTR_MAX_SIZE]; int count, k, start; + uint64_t val; if (v < 0) { str[0] = '-'; start = 1; - v = -v; + val = -v; } else - start = 0; + { + val = v; + start = 0; + } count = 0; do { - d = v / 10; - r = v - d * 10; + d = val / 10; + r = val - d * 10; temp[start + count] = '0' + (char) r; count++; - v = d; + val = d; } - while (v && ((start+count) < LTOSTR_MAX_SIZE-1)); + while (val && ((start+count) < LTOSTR_MAX_SIZE-1)); for (k = 0; k < count; k++) str[k + start] = temp[start + count - k - 1]; -- cgit v1.2.1