neels has uploaded this change for review. ( https://gerrit.osmocom.org/c/libasn1c/+/37986?usp=email )
Change subject: coverity CID#27223
......................................................................
coverity CID#27223
Make sure that bits_unused cannot subtract more bits than present in
st->size.
Especially when st->size == 0, this ensures that sizeinunits is also 0,
and that a st->size == 0 hence never enters the while (sizeinunits)
loop.
Change-Id: Ib4d4d08dde9dc01403a62493ab6ae8b853b8a1ec
---
M src/OCTET_STRING.c
1 file changed, 9 insertions(+), 2 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/libasn1c refs/changes/86/37986/1
diff --git a/src/OCTET_STRING.c b/src/OCTET_STRING.c
index 959c32e..d8f0f69 100644
--- a/src/OCTET_STRING.c
+++ b/src/OCTET_STRING.c
@@ -1699,6 +1699,7 @@
unsigned int unit_bits;
unsigned int canonical_unit_bits;
unsigned int sizeinunits;
+ unsigned int unused;
const uint8_t *buf;
int ret;
enum {
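Review bot: The new `unsigned int unused;` is declared at function scope, but in the hunks shown it is only assigned and read inside `case ASN_OSUBV_BIT:`. The bare name `unused` also reads like an "unused variable" marker next to `st->bits_unused`. Consider a more descriptive name such as `unused_bits`, and, if the surrounding code style allows it, declaring it in a block local to the BIT STRING case so its scope matches its use.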
@@ -1728,7 +1729,11 @@
case ASN_OSUBV_BIT:
canonical_unit_bits = unit_bits = 1;
bpc = OS__BPC_BIT;
- sizeinunits = st->size * 8 - (st->bits_unused & 0x07);
+ sizeinunits = st->size * 8;
+ /* make sure sizeinunits cannot wrap past zero (especially when st->size == 0). */
+ unused = st->bits_unused & 0x07;
+ if (unused <= sizeinunits)
+ sizeinunits -= unused;
ASN_DEBUG("BIT STRING of %d bytes, %d bits unused",
sizeinunits, st->bits_unused);
break;
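Review bot: When `if (unused <= sizeinunits)` is false in the ASN_OSUBV_BIT case, the inconsistency is silently ignored and encoding continues with `sizeinunits` left at `st->size * 8`. Since `unused` is masked to at most 7, the check can only fail when `st->size * 8` is below 8, which in practice means `st->size == 0` with a nonzero `bits_unused`, i.e. a malformed BIT STRING. Consider rejecting that input with `_ASN_ENCODE_FAILED` (as the later hunk does for a NULL `buf`) instead of encoding it as an empty string, or at least logging it. Separately, the `ASN_DEBUG` call right below prints `sizeinunits`, which is a bit count, under "%d bytes" and prints the raw `st->bits_unused` rather than the masked `unused` that was actually subtracted; now that `unused` exists, passing it there would keep the debug output consistent with the computation.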
@@ -1827,8 +1832,10 @@
ret = OCTET_STRING_per_put_characters(po, buf,
maySave, bpc, unit_bits,
cval->lower_bound, cval->upper_bound, pc);
- } else {
+ } else if (buf) {
ret = per_put_many_bits(po, buf, maySave * unit_bits);
+ } else {
+ _ASN_ENCODE_FAILED;
}
if(ret) _ASN_ENCODE_FAILED;
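Review bot: The new `else if (buf)` check protects only the `per_put_many_bits(po, buf, ...)` branch; the `OCTET_STRING_per_put_characters(po, buf, ...)` call in the branch above receives the same `buf` with no NULL check. If a NULL `buf` is reachable here, it is reachable for both branches, so consider a single `if (!buf) _ASN_ENCODE_FAILED;` ahead of the if/else instead of the extra `else` arm. That also keeps the original two-way branch intact and makes the failure condition easier to spot. A short comment saying under which condition `buf` can be NULL at this point (the commit message only discusses `st->size == 0`) would help future readers.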
--
Gerrit-MessageType: newchange
Gerrit-Project: libasn1c
Gerrit-Branch: master
Gerrit-Change-Id: Ib4d4d08dde9dc01403a62493ab6ae8b853b8a1ec
Gerrit-Change-Number: 37986
Gerrit-PatchSet: 1
Gerrit-Owner: neels <nhofmeyr(a)sysmocom.de>