base64: fix off-by-one buffer size bug

[pspp] / lib / base64.c

diff --git a/lib/base64.c b/lib/base64.c
index 99fcc57c3cc220159cd4d5dc1ba54557e3c625b4..1f07c7c48dad54249d2d59bcfb77cd63f83acc17 100644 (file)
--- a/lib/base64.c
+++ b/lib/base64.c
@@ -552,10 +552,10 @@ base64_decode_alloc_ctx (struct base64_decode_context *ctx,
 {
   /* This may allocate a few bytes too many, depending on input,
      but it's not worth the extra CPU time to compute the exact size.
-     The exact size is 3 * inlen / 4, minus 1 if the input ends
-     with "=" and minus another 1 if the input ends with "==".
+     The exact size is 3 * (inlen + (ctx ? ctx->i : 0)) / 4, minus 1 if the
+     input ends with "=" and minus another 1 if the input ends with "==".
      Dividing before multiplying avoids the possibility of overflow.  */
-  size_t needlen = 3 * (inlen / 4) + 2;
+  size_t needlen = 3 * (inlen / 4) + 3;
 
   *out = malloc (needlen);
   if (!*out)