https://medium.com/@migalabs/analysis-of-ethereum-2-consensus-clients-dfede8e0145e
That's because the library doesn't check if the signature length matches the actual digest. You can add checks if you want it to fail, for example in `hmac.js`, you can...
Since this issue is about ASAN, would like to highlight another extremely subtle bug described [here](https://stackoverflow.com/questions/78293129/c-programs-fail-with-asan-addresssanitizerdeadlysignal). When developers are running with the default `clang (14.0.0-1ubuntu1.1)` on default `ubuntu22.04` with `EXTRAS=asan`,...