Unexpected IndexError exception on malformed input

[Google-Autofuzz]

When running the following code with the latest version of asn1crypto on the attached input in an unexpected IndexError exception:

import sys
from asn1crypto.core import Sequence

with open(sys.argv[1], 'rb') as f:
    data = f.read()
parsed = Sequence.load(data)
parsed.copy()  # force parsing
parsed.dump(force=True)

$ python3 asn2crypto_repro.py testcase.txt
Traceback (most recent call last):
  File "asn2crypto_repro.py", line 6, in <module>
    parsed = Sequence.load(data)
  File "/home/user/.local/lib/python3.8/site-packages/asn1crypto/core.py", line 230, in load
    value, _ = _parse_build(encoded_data, spec=spec, spec_params=kwargs, strict=strict)
  File "/home/user/.local/lib/python3.8/site-packages/asn1crypto/core.py", line 5668, in _parse_build
    info, new_pointer = _parse(encoded_data, encoded_len, pointer)
  File "/home/user/.local/lib/python3.8/site-packages/asn1crypto/parser.py", line 175, in _parse
    num = ord(encoded_data[pointer]) if _PY2 else encoded_data[pointer]
IndexError: index out of range

test.txt

[joernheissler]

Hi,
the error message could be clearer, but is there any real problem?
You're getting an exception for malformed input. Sounds fine to me.

[Google-Autofuzz]

I would expect an exception provided by asn1crypto.
I didn't manage to find the right™ way to handle exceptions that could be raised by asn1crypto in its documentation. Is except Exception the way to go?

[joernheissler]

https://github.com/wbond/asn1crypto/blob/master/asn1crypto/core.py#L159
raises ValueError - when the ASN.1 header length is longer than the data.

I expect (really not sure) that all parser errors will be some ValueError.

[Google-Autofuzz]

IndexError isn't a ValueError.

[joernheissler]

IndexError isn't a ValueError.

whoops :-)

[wbond]

I think we can improve the parse functions to be sure to raise a ValueError