Actions
Bug #7296
closeddetect: transform base64 creates a 0-sized variable-length array
Affected Versions:
Effort:
Difficulty:
Label:
Description
Found by oss-fuzz
https://issues.oss-fuzz.com/u/1/issues/370595554
No need to backport as detect-transform-base64.c does not exist in main7
Updated by Philippe Antoine 3 months ago
- Copied from Bug #5521: detect: transform strip whitespace creates a 0-sized variable-length array added
Updated by Victor Julien 3 months ago
- Label deleted (
Needs backport to 6.0)
What is the impact of this?
Updated by Philippe Antoine 3 months ago
Victor Julien wrote in #note-3:
What is the impact of this?
Undefined behavior cf https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html
-fsanitize=vla-bound: A variable-length array whose bound does not evaluate to a positive value.
I do not think there is a real impact
Updated by Philippe Antoine 3 months ago
Victor Julien wrote in #note-5:
How do we end up with a 0 byte input btw?
Looks easy, like a http header with an empty value : 0 byte input
Updated by Philippe Antoine 3 months ago
Updated by Philippe Antoine 2 months ago
- Status changed from In Review to Closed
Actions