base64: fix possible null pointer dereference
clang-10 analyzer reports following:
base64.c:325:20: warning: Array access (from variable 'target') results in a null pointer dereference
target[tarindex] = 0;
~~~~~~ ^
and prepared test case confirms it:
Invalid write of size 1
at 0x4E4463F: b64_decode (base64.c:325)
by 0x40088C: test_invalid_inputs (tests/test-base64.c:26)
by 0x40088C: main (tests/test-base64.c:32)
Address 0x1 is not stack'd, malloc'd or (recently) free'd
Process terminating with default action of signal 11 (SIGSEGV)
Access not within mapped region at address 0x1
at 0x4E4463F: b64_decode (base64.c:325)
by 0x40088C: test_invalid_inputs (tests/test-base64.c:26)
by 0x40088C: main (tests/test-base64.c:32)
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This commit is contained in:
Petr Štetiar
parent
8baeeea1f5
commit
0003ea9c45
4 changed files with 32 additions and 0 deletions
6
base64.c
6
base64.c
|
|
@ -65,6 +65,8 @@
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
|
||||||
|
#include "assert.h"
|
||||||
#include "utils.h"
|
#include "utils.h"
|
||||||
|
|
||||||
static const char Base64[] =
|
static const char Base64[] =
|
||||||
|
|
@ -144,6 +146,8 @@ int b64_encode(const void *_src, size_t srclength,
|
||||||
u_char output[4];
|
u_char output[4];
|
||||||
size_t i;
|
size_t i;
|
||||||
|
|
||||||
|
assert(dest && targsize > 0);
|
||||||
|
|
||||||
while (2 < srclength) {
|
while (2 < srclength) {
|
||||||
input[0] = *src++;
|
input[0] = *src++;
|
||||||
input[1] = *src++;
|
input[1] = *src++;
|
||||||
|
|
@ -208,6 +212,8 @@ int b64_decode(const void *_src, void *dest, size_t targsize)
|
||||||
state = 0;
|
state = 0;
|
||||||
tarindex = 0;
|
tarindex = 0;
|
||||||
|
|
||||||
|
assert(dest && targsize > 0);
|
||||||
|
|
||||||
while ((ch = (unsigned char)*src++) != '\0') {
|
while ((ch = (unsigned char)*src++) != '\0') {
|
||||||
if (isspace(ch)) /* Skip whitespace anywhere. */
|
if (isspace(ch)) /* Skip whitespace anywhere. */
|
||||||
continue;
|
continue;
|
||||||
|
|
|
||||||
|
|
@ -19,3 +19,15 @@ check that base64 is producing expected results:
|
||||||
4 foob
|
4 foob
|
||||||
5 fooba
|
5 fooba
|
||||||
6 foobar
|
6 foobar
|
||||||
|
|
||||||
|
check that b64_encode and b64_decode assert invalid input
|
||||||
|
|
||||||
|
$ alias check="egrep '(dumped|Assertion)' | sed 's;.*\(b64_.*code\).*\(Assertion.*$\);\1: \2;' | LC_ALL=C sort"
|
||||||
|
|
||||||
|
$ test-b64_decode 2>&1 | check
|
||||||
|
Aborted (core dumped)
|
||||||
|
b64_decode: Assertion `dest && targsize > 0' failed.
|
||||||
|
|
||||||
|
$ test-b64_encode 2>&1 | check
|
||||||
|
Aborted (core dumped)
|
||||||
|
b64_encode: Assertion `dest && targsize > 0' failed.
|
||||||
|
|
|
||||||
7
tests/test-b64_decode.c
Normal file
7
tests/test-b64_decode.c
Normal file
|
|
@ -0,0 +1,7 @@
|
||||||
|
#include "utils.h"
|
||||||
|
|
||||||
|
int main()
|
||||||
|
{
|
||||||
|
b64_decode("Zg==", NULL, 2);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
7
tests/test-b64_encode.c
Normal file
7
tests/test-b64_encode.c
Normal file
|
|
@ -0,0 +1,7 @@
|
||||||
|
#include "utils.h"
|
||||||
|
|
||||||
|
int main()
|
||||||
|
{
|
||||||
|
b64_encode("foo", 3, NULL, 2);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
Loading…
Add table
Reference in a new issue