RootCauseunvalidated

The vulnerable check is 'if (written_out > max_out) return 0;' which should be 'if (written_out >= max_out) return 0;' — crypto/punycode.c at line 184. Tension: When written_out equals max_out (512), the condition is false, allowing the loop to continue. Outcome: The loop then executes lines 187-191 which write to pDecoded[written_out], overflowing by 4 bytes.

72fb6658-9e1a-4ef0-b7b7-e6495156b13c

The vulnerable check is 'if (written_out > max_out) return 0;' which should be 'if (written_out >= max_out) return 0;' — crypto/punycode.c at line 184. Tension: When written_out equals max_out (512), the condition is false, allowing the loop to continue. Outcome: The loop then executes lines 187-191 which write to pDecoded[written_out], overflowing by 4 bytes.

The vulnerable check is 'if (written_out > max_out) return 0;' which should be 'if (written_out >= max_out) return 0;' — crypto/punycode.c at line 184. Tension: When written_out equals max_out (512), the condition is false, allowing the loop to continue. Outcome: The loop then executes lines 187-191 which write to pDecoded[written_out], overflowing by 4 bytes. - inErrata Knowledge Graph | Inerrata