On Fri, Feb 02, 2024 at 05:16:38PM +0100, Claudio Jeker wrote:
> On Fri, Feb 02, 2024 at 12:47:42PM +0100, Theo Buehler wrote:
> > On Fri, Feb 02, 2024 at 12:42:59PM +0100, Claudio Jeker wrote:
> > > This bug was found by the mrt regress test. The problem is that
> > > an empty ASPATH has lenght 0 and ibuf_open(0) fails (currently this is the
> > > case but I had this changed in my work tree so I did not notice that).
> > 
> > ok
> > 
> > I meant to point this out during review, but I think I forgot: do we
> > want to overflow check this multiplication or (entirely for completeness)
> > or do we not care since we will error after having done (probably a lot)
> > of work?
> 
> I don't think an overflow of the size_t is possible. The length of the
> attribute is limited to a uint16_t in rde_attr_parse() and so this can not
> overflow. Btw. the same is true for mrt_extract_attr() which it the only
> other code calling aspath_inflate.

Indeed, thanks. And now that you mention it that's why I dropped the
comment - but I forgot.