Actions
Bug #7296
closed
PA
PA
detect: transform base64 creates a 0-sized variable-length array
Bug #7296:
detect: transform base64 creates a 0-sized variable-length array
Affected Versions:
Effort:
Difficulty:
Label:
Description
Found by oss-fuzz
https://issues.oss-fuzz.com/u/1/issues/370595554
No need to backport as detect-transform-base64.c does not exist in main7
PA Updated by Philippe Antoine over 1 year ago
- Copied from Bug #5521: detect: transform strip whitespace creates a 0-sized variable-length array added
PA Updated by Philippe Antoine over 1 year ago
- Status changed from New to In Review
VJ Updated by Victor Julien over 1 year ago
- Label deleted (
Needs backport to 6.0)
What is the impact of this?
PA Updated by Philippe Antoine over 1 year ago
Victor Julien wrote in #note-3:
What is the impact of this?
Undefined behavior cf https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html
-fsanitize=vla-bound: A variable-length array whose bound does not evaluate to a positive value.
I do not think there is a real impact
VJ Updated by Victor Julien over 1 year ago
How do we end up with a 0 byte input btw?
VJ Updated by Victor Julien over 1 year ago
- Private changed from Yes to No
PA Updated by Philippe Antoine over 1 year ago
Victor Julien wrote in #note-5:
How do we end up with a 0 byte input btw?
Looks easy, like a http header with an empty value : 0 byte input
PA Updated by Philippe Antoine over 1 year ago
PA Updated by Philippe Antoine over 1 year ago
- Status changed from In Review to Closed
Actions