Fix OOB write (#340538)

2006-05-04  Alexander Larsson  <alexl@redhat.com>

	* glib/gbase64.c: (g_base64_decode_step):
	Fix OOB write (#340538)
Alexander Larsson 2006-05-04 15:53:36 +00:00 committed by Alexander Larsson
parent 92dc9fe794
commit ac059df75b
3 changed files with 23 additions and 21 deletions


@ -1,3 +1,8 @@
2006-05-04 Alexander Larsson <alexl@redhat.com>
* glib/gbase64.c: (g_base64_decode_step):
Fix OOB write (#340538)
2006-05-03 Matthias Clasen <mclasen@redhat.com> 2006-05-03 Matthias Clasen <mclasen@redhat.com>
* tests/base64-test.c: Add some more tests. * tests/base64-test.c: Add some more tests.


@ -1,3 +1,8 @@
2006-05-04 Alexander Larsson <alexl@redhat.com>
* glib/gbase64.c: (g_base64_decode_step):
Fix OOB write (#340538)
2006-05-03 Matthias Clasen <mclasen@redhat.com> 2006-05-03 Matthias Clasen <mclasen@redhat.com>
* tests/base64-test.c: Add some more tests. * tests/base64-test.c: Add some more tests.


@ -280,7 +280,8 @@ g_base64_decode_step (const gchar *in,
const guchar *inptr; const guchar *inptr;
guchar *outptr; guchar *outptr;
const guchar *inend; const guchar *inend;
guchar c; guchar c, rank;
guchar last[2];
unsigned int v; unsigned int v;
int i; int i;
@ -291,18 +292,24 @@ g_base64_decode_step (const gchar *in,
v=*save; v=*save;
i=*state; i=*state;
inptr = (const guchar *)in; inptr = (const guchar *)in;
last[0] = last[1] = 0;
while (inptr < inend) while (inptr < inend)
{ {
c = mime_base64_rank [*inptr++]; c = *inptr++;
if (c != 0xff) rank = mime_base64_rank [c];
if (rank != 0xff)
{ {
v = (v<<6) | c; last[1] = last[0];
last[0] = c;
v = (v<<6) | rank;
i++; i++;
if (i==4) if (i==4)
{ {
*outptr++ = v>>16; *outptr++ = v>>16;
*outptr++ = v>>8; if (last[1] != '=')
*outptr++ = v; *outptr++ = v>>8;
if (last[0] != '=')
*outptr++ = v;
i=0; i=0;
} }
} }
@ -311,21 +318,6 @@ g_base64_decode_step (const gchar *in,
*save = v; *save = v;
*state = i; *state = i;
/* quick scan back for '=' on the end somewhere */
/* fortunately we can drop 1 output char for each trailing = (upto 2) */
i=2;
while (inptr > (const guchar *)in && i)
{
inptr--;
if (mime_base64_rank [*inptr] != 0xff)
{
if (*inptr == '=')
outptr--;
i--;
}
}
/* if i!= 0 then there is a truncation error! */
return outptr - out; return outptr - out;
} }
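Review bot: The padding history in `last[]` is reset by `last[0] = last[1] = 0;` on every call, while `v` and `i` are carried over through `*save` and `*state`, so a quad whose first `=` ends one chunk and whose final character starts the next is decoded as if that `=` were data. For input split as `QQ=` then `=`, the second call sees `last[1] == 0` and still emits `v>>8`, one byte more than the padding allows; whether that can overrun a caller's buffer depends on how callers size `out`, which is not visible here. The padding flag should persist alongside the count, for example restoring it on entry with `if (i < 0) { i = -i; last[0] = '='; }` and storing `*state = last[0] == '=' ? -i : i;` on exit, provided no caller relies on `*state` being non-negative. The function begins before the first hunk, so the `inend`/`outptr` setup was not reviewed.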