0.5.0 regression - OverflowError: cannot fit 'int' into an index-sized integer #54

adiroiban · 2024-01-24T10:34:19Z

Thanks for this great library :)

I am upgrading from 0.4.8 to 0.5.1.

While executing my tests I can see that with 0.5.0 (and 0.5.1) the pyasn1.error.SubstrateUnderrunError is no longer raised and instead an OverflowError is raised.

To reproduce, I have this code.

Data is just some random input.

from pyasn1.codec.ber import decoder
data = b'\xa6\x08\'\x9b\xb1\x01\'8\x19\xa3\x1f\xf3\xf181R\xa2\xd84"\x82\x9eu4~\x8d\xaa\x0f\xc3\x0e2\xbb\xa0hF\xb7\x05\xa7\x01U9\xf4\xc8+.\x98\x9a8\x94\xdbx]\xbb\xd6\x98w\xe9\xb1\xb0\xe9\xd9\x96:7$'
decoder.decode(data)

The error is

>>> Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/VENV-PATH/lib/python3.11/site-packages/pyasn1/codec/ber/decoder.py", line 2063, in __call__
    for asn1Object in streamingDecoder:
  File "/VENV-PATH/lib/python3.11/site-packages/pyasn1/codec/ber/decoder.py", line 1932, in __iter__
    for asn1Object in self._singleItemDecoder(
  File "/VENV-PATH/lib/python3.11/site-packages/pyasn1/codec/ber/decoder.py", line 1788, in __call__
    for value in concreteDecoder.valueDecoder(
  File "/VENV-PATH/lib/python3.11/site-packages/pyasn1/codec/ber/decoder.py", line 102, in valueDecoder
    for value in decodeFun(substrate, asn1Spec, tagSet, length, **options):
  File "/VENV-PATH/lib/python3.11/site-packages/pyasn1/codec/ber/decoder.py", line 1788, in __call__
    for value in concreteDecoder.valueDecoder(
  File "/VENV-PATH/lib/python3.11/site-packages/pyasn1/codec/ber/decoder.py", line 333, in valueDecoder
    for component in decodeFun(
  File "/VENV-PATH/lib/python3.11/site-packages/pyasn1/codec/ber/decoder.py", line 1788, in __call__
    for value in concreteDecoder.valueDecoder(
  File "/VENV-PATH/lib/python3.11/site-packages/pyasn1/codec/ber/decoder.py", line 97, in valueDecoder
    for chunk in substrateFun(asn1Object, substrate, length, options):
  File "/VENV-PATH/lib/python3.11/site-packages/pyasn1/codec/ber/decoder.py", line 73, in substrateCollector
    for chunk in readFromStream(substrate, length, options):
  File "/VENV-PATH/lib/python3.11/site-packages/pyasn1/codec/streaming.py", line 228, in readFromStream
    received = substrate.read(size)
               ^^^^^^^^^^^^^^^^^^^^
OverflowError: cannot fit 'int' into an index-sized integer

Note that if you try a smaller input you get

>>> decoder.decode(data[:63])
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/VENV-PATH/lib/python3.11/site-packages/pyasn1/codec/ber/decoder.py", line 2005, in __call__
    raise error.SubstrateUnderrunError('Short substrate on input')
pyasn1.error.SubstrateUnderrunError: Short substrate on input

The text was updated successfully, but these errors were encountered:

adiroiban · 2024-01-24T10:47:33Z

I think that this change was introduced at 93e11a2

adiroiban · 2024-01-24T10:55:38Z

I see this code which seems that it does not validation for the length

I am not sure at which level this should be fixed

pyasn1/pyasn1/codec/ber/decoder.py

Lines 1625 to 1637 in 8dd64ac

    
           encodedLength = list(encodedLength) 
        
           # missing check on maximum size, which shouldn't be a 
        
           # problem, we can handle more than is possible 
        
           if len(encodedLength) != size: 
        
               raise error.SubstrateUnderrunError( 
        
                   '%s<%s at %s' % (size, len(encodedLength), tagSet) 
        
               ) 
        
           length = 0 
        
           for lengthOctet in encodedLength: 
        
               length <<= 8 
        
               length |= oct2int(lengthOctet) 
        
           size += 1

droideck · 2024-02-08T20:40:24Z

@adiroiban, could you please provide more context about the "random" input data you try to decode?

data = b'\xa6\x08\'\x9b\xb1\x01\'8\x19\xa3\x1f\xf3\xf181R\xa2\xd84"\x82\x9eu4~\x8d\xaa\x0f\xc3\x0e2\xbb\xa0hF\xb7\x05\xa7\x01U9\xf4\xc8+.\x98\x9a8\x94\xdbx]\xbb\xd6\x98w\xe9\xb1\xb0\xe9\xd9\x96:7$'

adiroiban · 2024-02-08T20:44:09Z

Hi. The data is just random. Is a private key for which the wrong decryption secret was used...so ended up with data without any meaning.

droideck · 2024-02-08T20:52:43Z

Hi. The data is just random. Is a private key for which the wrong decryption secret was used...so ended up with data without any meaning.

Okay, the issue is minor then, and I'll check it later when time allows. Thank you for the report!

Or, as usual, PRs are welcome! :)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

0.5.0 regression - OverflowError: cannot fit 'int' into an index-sized integer #54

0.5.0 regression - OverflowError: cannot fit 'int' into an index-sized integer #54

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

0.5.0 regression - OverflowError: cannot fit 'int' into an index-sized integer #54

0.5.0 regression - OverflowError: cannot fit 'int' into an index-sized integer #54

Comments

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!