Pavel Kankovsky wrote:
> The condition in base64_decode() ("j + 3 < BASE64_RESULT_SZ") is
> slighly broken too. It should add 4 rather than 3 in order to
> guarantee enough space for a new chunk of data as well as the
> terminator).
I am not sure this assessment is accurate.
Let's assume j is equal to j0 at the beginning of the last
base64_decode loop iteration. (j0 + 3) points to the fourth byte
starting with j0. We modify four bytes starting with j0 (counting the
terminator). We should be fine if those four bytes are within
BASE64_RESULT_SZ.
Specifically: As far as I can tell, the base64_decode loop modifies:
result[j++] = ... // change result[j0+0] and set j to j0+1
result[j++] = ... // change result[j0+1] and set j to j0+2
result[j++] = ... // change result[j0+2] and set j to j0+3
Outside of the loop, we modify result[j] (i.e., result[j0+3]). Thus,
we need to make sure than j0+3 is less than BASE64_RESULT_SZ. This is
exactly what the existing loop condition checks for.
The major base64_decode design flaw is that errors are silently
ignored and not propogated to the caller, but that is a different
story.
HTH,
Alex.
Received on Mon Jul 02 2001 - 08:48:55 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:14:05 MST