Re: [ bugs in lib/base64.c]

From: Alex Rousskov <>
Date: Mon, 2 Jul 2001 08:48:45 -0600 (MDT)

Pavel Kankovsky wrote:

> The condition in base64_decode() ("j + 3 < BASE64_RESULT_SZ") is
> slighly broken too. It should add 4 rather than 3 in order to
> guarantee enough space for a new chunk of data as well as the
> terminator).

I am not sure this assessment is accurate.

Let's assume j is equal to j0 at the beginning of the last
base64_decode loop iteration. (j0 + 3) points to the fourth byte
starting with j0. We modify four bytes starting with j0 (counting the
terminator). We should be fine if those four bytes are within

Specifically: As far as I can tell, the base64_decode loop modifies:

        result[j++] = ... // change result[j0+0] and set j to j0+1
        result[j++] = ... // change result[j0+1] and set j to j0+2
        result[j++] = ... // change result[j0+2] and set j to j0+3

Outside of the loop, we modify result[j] (i.e., result[j0+3]). Thus,
we need to make sure than j0+3 is less than BASE64_RESULT_SZ. This is
exactly what the existing loop condition checks for.

The major base64_decode design flaw is that errors are silently
ignored and not propogated to the caller, but that is a different


Received on Mon Jul 02 2001 - 08:48:55 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:14:05 MST