## Description of problem: The bound check in ETYPE_OK may lead to out-of-bound access. ## Version of libtasn1 used: 4.16.0 ## Distributor of libtasn1 (e.g., Ubuntu, Fedora, RHEL) Ubuntu ## How reproducible: ``` #include <stdlib.h> #include <stdio.h> #include <libtasn1.h> int main(int argc, char *argv[]) { unsigned int etype = 38; unsigned int str_len = 10; unsigned char *str = malloc(str_len); unsigned int tl_len = 10; unsigned char *tl = malloc(tl_len); asn1_encode_simple_der(etype, str, str_len, tl, &tl_len); return 0; } ``` Steps to Reproduce: * Compile the program with `-fsanitize=address,leak,undefined` * Run ## Actual results: ``` ==23616==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00000042e208 at pc 0x000000402854 bp 0x7fffe0995170 sp 0x7fffe0995160 READ of size 8 at 0x00000042e208 thread T0 #0 0x402853 in asn1_encode_simple_der ../../libtasn1-4.16.0/lib/coding.c:218 ``` ## Expected results: The macro should do this check instead: ``` (etype) < _asn1_tags_size ```