[erlang-bugs] asn.1 - decoding corrupted binary

Bertil Karlsson bertil.karlsson@REDACTED
Wed Sep 3 09:00:20 CEST 2008


Thank you for reporting this behaviour of the asn1 decoder.
It is a bug that will be corrected, though we cannot make it to the 
coming OTP-release.

/Bertil Karlsson
OTP-Team

bruce green wrote:
> There is an infinite loop during corrupted binary decoding.
>
> Example:
>
> Rec3 DEFINITIONS IMPLICIT TAGS ::=
> BEGIN
> EXPORTS Rec3;
> Rec3 ::= SET
> {
> recType [0] RecType,
> typedItem [1] TypedItem OPTIONAL
> }
> RecType ::= INTEGER
> {
> rec4 (0),
> rec5 (1)
> }
> TypedItem ::= OCTET STRING (SIZE(1..20))
> END
>
> the record:
> #'Rec3'{recType=rec5,typedItem=[16#12,16#34,16#56,16#78,16#40,16#90,16#19,16#33]}
>
> the encoded binary:
> 31 0D 80 01 01 81 08 12 34 56 78 40 90 19 33
>
> the modified (=corrupted) binary:
> 31 0D 80 01 01 00 00 00 00 00 00 00 00 00 00
>
> Now I try to decode the corrupted binary and the program goes into an
> infinite loop.
>
> The suspected code in the generated erl module:
> 'dec_Rec3_fun'(Bytes, OptOrMand) ->
> ...
> %% tag not found, if extensionmark we should skip bytes here
> _ -> {[], Bytes,0}
>
> Tested on: R11B3 (asn1 - 1.4.4.11), R12B3 (asn1 - 1.5.2)
>   
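
The failure mode reported above, shown from the defensive side as an added example (not code from the post, the generated module, or OTP): a hand-written strict walk of the `Rec3` SET in which every step either consumes a complete TLV or returns an error, so an unrecognised tag can never leave the decoder holding the same bytes. The module name `rec3_strict`, the short-form-length restriction, and the reading that the loop comes from a component function returning the buffer with zero bytes consumed are assumptions.

```erlang
-module(rec3_strict).            %% hypothetical module name
-export([decode/1, demo/0]).

%% Hand-written strict decoder for the Rec3 SET quoted above. Assumption:
%% short-form (< 128) lengths only, which covers the 15-byte samples.
decode(<<16#31, Len, Rest/binary>>) when Len < 128, byte_size(Rest) =:= Len ->
    components(Rest, #{});
decode(_) ->
    {error, bad_set_header}.

%% Each clause consumes one whole TLV or returns an error, so the
%% recursion terminates on any input.
components(<<>>, #{recType := _} = Acc) ->
    {ok, Acc};
components(<<>>, _Acc) ->
    {error, {missing_mandatory, recType}};
components(<<Tag, Len, Rest/binary>>, Acc) when Len < 128, byte_size(Rest) >= Len ->
    <<Value:Len/binary, Tail/binary>> = Rest,
    case component(Tag, Value, Acc) of
        {ok, Acc1} -> components(Tail, Acc1);
        Error -> Error
    end;
components(_, _Acc) ->
    {error, truncated_or_long_form_length}.

%% [0] recType: INTEGER; [1] typedItem: OCTET STRING (SIZE(1..20)).
component(16#80, V, Acc) when byte_size(V) >= 1, not is_map_key(recType, Acc) ->
    Bits = 8 * byte_size(V),
    <<N:Bits/signed>> = V,
    {ok, Acc#{recType => rec_name(N)}};
component(16#81, V, Acc) when byte_size(V) >= 1, byte_size(V) =< 20,
                              not is_map_key(typedItem, Acc) ->
    {ok, Acc#{typedItem => V}};
component(Tag, _V, _Acc) ->
    %% Unknown or repeated tag: fail instead of handing the bytes back.
    {error, {unexpected_component, Tag}}.

rec_name(0) -> rec4;
rec_name(1) -> rec5;
rec_name(N) -> N.

%% Runs both byte strings from the post (copied from the message).
demo() ->
    Good = <<16#31,16#0D,16#80,1,1,16#81,8,
             16#12,16#34,16#56,16#78,16#40,16#90,16#19,16#33>>,
    Bad  = <<16#31,16#0D,16#80,1,1,0,0,0,0,0,0,0,0,0,0>>,
    {decode(Good), decode(Bad)}.
```

The `is_map_key/2` guard requires OTP 21 or later.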



