+2011-08-10 Paul Eggert <eggert@cs.ucla.edu>
+
+ base64: fix off-by-one buffer size bug
+ Problem and (trivial) fix reported by Gijs van Tulder in
+ <http://lists.gnu.org/archive/html/bug-gnulib/2011-08/msg00083.html>.
+ * lib/base64.c (base64_decode_alloc_ctx): Allocate one more byte.
+ * tests/test-base64.c (main): Catch the bug.
+
2011-08-10 Eric Blake <eblake@redhat.com>
closein: correct comments
{
/* This may allocate a few bytes too many, depending on input,
but it's not worth the extra CPU time to compute the exact size.
- The exact size is 3 * inlen / 4, minus 1 if the input ends
- with "=" and minus another 1 if the input ends with "==".
+ The exact size is 3 * (inlen + (ctx ? ctx->i : 0)) / 4, minus 1 if the
+ input ends with "=" and minus another 1 if the input ends with "==".
Dividing before multiplying avoids the possibility of overflow. */
- size_t needlen = 3 * (inlen / 4) + 2;
+ size_t needlen = 3 * (inlen / 4) + 3;
*out = malloc (needlen);
if (!*out)
ok = base64_decode_alloc_ctx (&ctx, "hp", 2, &p, &len);
ASSERT (ok);
- ASSERT (len == 2);
- /* Actually this looks buggy. Shouldn't output be 'ghi'? */
- ASSERT (memcmp (p, "gh", len) == 0);
+ ASSERT (len == 3);
+ ASSERT (memcmp (p, "ghi", len) == 0);
ok = base64_decode_alloc_ctx (&ctx, "", 0, &p, &len);
ASSERT (ok);
}
projects / pspp / commitdiff