Full_Name: Ondřej Kuzník
Version: re24
OS: Linux i386
URL:
Submission from: (NULL) (86.166.135.137)
Hi, the following will assert in liblber on i386 (and it should be possible to craft a similar one for 64bit, I think):
echo 'CoSSoJKSCg==' | base64 -d | ~/code/openldap/libraries/liblber/etest .
My first reaction was that it encodes a length that, while still not enough to overflow the address space, will have the highest bit set and is interpreted as negative when saved into to_go in io.c:658, triggering the assert. However ber_get_next is more complex than that and I can't read BER yet.
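Added example, not part of the original report and not OpenLDAP code: a small BER header decoder run over the base64 input quoted above, showing the tag, the declared length, and that length reinterpreted as a signed 32-bit value. It decodes the header octets only and does not model ber_get_next; the function names are hypothetical.

```python
import base64
import struct

# Input copied from the report above (the only value taken from the page).
REPORT_INPUT_B64 = "CoSSoJKSCg=="


def parse_ber_header(data: bytes):
    """Decode the identifier and length octets of one BER element.

    Returns (tag, length, header_len). Handles single-octet tags only;
    length is None for the indefinite form (0x80).
    """
    if len(data) < 2:
        raise ValueError("need at least a tag octet and a length octet")
    tag = data[0]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-octet tags are not handled in this sketch")
    first = data[1]
    if first < 0x80:                      # short form: the octet is the length
        return tag, first, 2
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0:
        return tag, None, 2               # indefinite length
    if len(data) < 2 + n:
        raise ValueError("truncated length octets")
    return tag, int.from_bytes(data[2:2 + n], "big"), 2 + n


def as_signed32(value: int) -> int:
    """Reinterpret the low 32 bits of value as a two's-complement integer."""
    return struct.unpack("<i", struct.pack("<I", value & 0xFFFFFFFF))[0]


def triage(data: bytes) -> dict:
    """Summarise the header of one BER element and what follows it."""
    tag, length, hdr = parse_ber_header(data)
    return {
        "tag": tag,
        "declared_length": length,
        "header_octets": hdr,
        "content_octets_present": len(data) - hdr,
        "length_as_signed32": None if length is None else as_signed32(length),
    }


if __name__ == "__main__":
    for key, value in triage(base64.b64decode(REPORT_INPUT_B64)).items():
        print(f"{key}: {value}")
```

For the input above this reports tag 0x0A, a four-octet long-form length of 0x92A09292 with a single content octet present, and a negative value once that length is read as a signed 32-bit integer.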