out-of-bounds reads

[totaam]

The parsing functions do not check against the end of the buffer, causing out-of-bounds reads.
This can lead to crashes if the operating system checks for this sort of thing, or this can cause memory contents to be leaked to an attacker.
Here's a very simple poc:

from rencode import _rencode as rencode
v = "1024:shortstring"
s = rencode.loads(v)
print("loads(%s)=%s" % (v, s))

[aresch]

I am not seeing this problem. The check_pos() https://github.com/aresch/rencode/blob/master/rencode/rencode.pyx#L470
function should handle this and we call it practically everywhere while decoding the byte string.

>>> v = b"1024:shortstring"
>>> s = rencode.loads(v)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/rencode/rencode.pyx", line 546, in rencode._rencode.loads (rencode/rencode.c:7425)
  File "/rencode/rencode.pyx", line 508, in rencode._rencode.decode (rencode/rencode.c:6958)
  File "/rencode/rencode.pyx", line 431, in rencode._rencode.decode_str (rencode/rencode.c:5825)
  File "/rencode/rencode.pyx", line 477, in rencode._rencode.check_pos (rencode/rencode.c:6434)
IndexError: Tried to access data[1028] but data len is: 16

[totaam]

Sorry about that, I had somehow reverted to an older version during testing.
This bug is invalid, closing.