Reader/(Writer?) vulnerabilities

[Nul-led]

Found by Altanis

• You can cause the undefined behavior when reading unsigned integers due to buffer overflow when the received buffer is too short. We should check for EOF before reading.
• Apparently you can force vu to return -1 somehow, he didnt elaborate how though.
• StringNT can also be forced to "look back in forth through the buffer" in some way.

Apparently none of these cause crashes but may or may not lead to UB.

[Altanis]

u8, u16, and u32 can all return undefined if the buffer is too short (i.e., u8 expects 1 byte forward, but if there are no more bytes left, this.buffer[this.at++] returns undefined).

Similarly, vu can return -1 if this.buffer[this.at++] returns undefined as explained above.

stringNT falsely assumes the buffer must have a null terminator to mark the end of a string, and it calls Decoder.decode on this.buffer.subarray(this.at, this.at = this.buffer.indexOf(0, this.at) + 1) - 1). indexOf can return -1 if no null terminator is present, which would make the end parameter of subarray less than the start one and thus look backwards through the array

[abcxff]

diepcustom/src/Coder/Reader.ts

Line 64 in 269ac33

while (this.buffer[this.at] & 0x80) {

missing a condition:

while ((this.buffer[this.at] & 0x80) && i < 24) {

or, rewrite vu to be a bit cleaner and easier to secure.