
bugfix: check buffer-size in decoding/encoding

Leon Urbas пре 11 година
родитељ
комит
dc7e833036
2 измењених фајлова са 10 додато и 4 уклоњено
  1. 9 3
      src/ua_basictypes.c
  2. 1 1
      tests/check_memory.c

+ 9 - 3
src/ua_basictypes.c

@@ -394,9 +394,15 @@ UA_Int32 UA_String_decodeBinary(UA_ByteString const * src, UA_Int32* pos, UA_Str
 	UA_Int32 retval = UA_SUCCESS;
 	retval |= UA_Int32_decodeBinary(src,pos,&(dst->length));
 	if (dst->length > 0) {
-		retval |= UA_alloc((void**)&(dst->data),dst->length);
-		retval |= UA_memcpy(dst->data,&(src->data[*pos]),dst->length);
-		*pos += dst->length;
+		if (*pos >= 0 && (dst->length <= (src->length - *pos))) { // read beyond end of src is assumed to be an error
+			retval |= UA_alloc((void**)&(dst->data),dst->length);
+			retval |= UA_memcpy(dst->data,&(src->data[*pos]),dst->length);
+			*pos += dst->length;
+		} else {
+			dst->data = UA_NULL;
+			dst->length = -1;
+			retval = UA_ERR_INVALID_VALUE;
+		}
 	} else {
 		dst->data = UA_NULL;
 	}
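Review bot: The new guard on line 25 bounds the copy against src, but the UA_alloc result on the next line is still only OR-ed into retval before UA_memcpy writes through dst->data, so an allocation failure would reach the memcpy with whatever UA_alloc leaves in dst->data (presumably NULL — UA_alloc's contract is not visible here). If UA_SUCCESS is 0, as the `|=` accumulation suggests, guarding the copy on the alloc result is a one-line change: `if (retval == UA_SUCCESS) retval |= UA_memcpy(dst->data,&(src->data[*pos]),dst->length);`. The error branch also assigns `retval = UA_ERR_INVALID_VALUE;`, which discards the status already accumulated from UA_Int32_decodeBinary; `retval |= UA_ERR_INVALID_VALUE;` would match the accumulating style of the rest of the function. The `src->length - *pos` comparison relies on src->length being non-negative for a valid source; if a null ByteString is represented by a negative length the guard still rejects the read, but a comment stating that assumption next to it (e.g. `// src->length < 0 denotes a null string and always fails this check`) would make the intent explicit. UA_String_decodeBinary's return statement lies outside the hunk.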

+ 1 - 1
tests/check_memory.c

@@ -85,7 +85,7 @@ int main() {
 	suite_add_tcase(s,tc);
 
 	sr = srunner_create(s);
-	//for debugging puposes only
+	//for debugging puposes only, will break make check
 	//srunner_set_fork_status(sr,CK_NOFORK);
 	srunner_run_all(sr,CK_NORMAL);
 	number_failed += srunner_ntests_failed(sr);