]> git.saurik.com Git - wxWidgets.git/blobdiff - src/common/base64.cpp
fixing overrelease and out-of-bounds write, fixes #13725
[wxWidgets.git] / src / common / base64.cpp
index 89025b0b56f94e568a6ac323023507c19f738166..d83daee68236e4ccc8598377a42c7dfbc20a9c44 100644 (file)
@@ -9,6 +9,10 @@
 
 #include "wx/wxprec.h"
 
 
 #include "wx/wxprec.h"
 
+#ifdef __BORLANDC__
+    #pragma hdrstop
+#endif
+
 #if wxUSE_BASE64
 
 #include "wx/base64.h"
 #if wxUSE_BASE64
 
 #include "wx/base64.h"
@@ -16,9 +20,9 @@
 size_t
 wxBase64Encode(char *dst, size_t dstLen, const void *src_, size_t srcLen)
 {
 size_t
 wxBase64Encode(char *dst, size_t dstLen, const void *src_, size_t srcLen)
 {
-    wxCHECK_MSG( src_, wxCONV_FAILED, _T("NULL input buffer") );
+    wxCHECK_MSG( src_, wxCONV_FAILED, wxT("NULL input buffer") );
 
 
-    const unsigned char *src = wx_static_cast(const unsigned char *, src_);
+    const unsigned char *src = static_cast<const unsigned char *>(src_);
 
     static const char b64[] =
         "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
 
     static const char b64[] =
         "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
@@ -69,9 +73,9 @@ wxBase64Decode(void *dst_, size_t dstLen,
                wxBase64DecodeMode mode,
                size_t *posErr)
 {
                wxBase64DecodeMode mode,
                size_t *posErr)
 {
-    wxCHECK_MSG( src, wxCONV_FAILED, _T("NULL input buffer") );
+    wxCHECK_MSG( src, wxCONV_FAILED, wxT("NULL input buffer") );
 
 
-    unsigned char *dst = wx_static_cast(unsigned char *, dst_);
+    unsigned char *dst = static_cast<unsigned char *>(dst_);
 
     size_t decLen = 0;
 
 
     size_t decLen = 0;
 
@@ -88,7 +92,7 @@ wxBase64Decode(void *dst_, size_t dstLen,
         PAD
     };
 
         PAD
     };
 
-    static const char decode[256] =
+    static const unsigned char decode[256] =
     {
         WSP,INV,INV,INV,INV,INV,INV,INV,INV,WSP,WSP,INV,WSP,WSP,INV,INV,
         INV,INV,INV,INV,INV,INV,INV,INV,INV,INV,INV,INV,INV,INV,INV,INV,
     {
         WSP,INV,INV,INV,INV,INV,INV,INV,INV,WSP,WSP,INV,WSP,WSP,INV,INV,
         INV,INV,INV,INV,INV,INV,INV,INV,INV,INV,INV,INV,INV,INV,INV,INV,
@@ -118,7 +122,7 @@ wxBase64Decode(void *dst_, size_t dstLen,
     const char *p;
     for ( p = src; srcLen; p++, srcLen-- )
     {
     const char *p;
     for ( p = src; srcLen; p++, srcLen-- )
     {
-        const char c = decode[(int)*p];     // cast just to suppress warnings
+        const unsigned char c = decode[static_cast<unsigned char>(*p)];
         switch ( c )
         {
             case WSP:
         switch ( c )
         {
             case WSP:
@@ -132,7 +136,7 @@ wxBase64Decode(void *dst_, size_t dstLen,
 
                 // force the loop to stop and an error to be returned
                 n = -1;
 
                 // force the loop to stop and an error to be returned
                 n = -1;
-                srcLen = 0;
+                srcLen = 1;
                 break;
 
             case PAD:
                 break;
 
             case PAD:
@@ -156,7 +160,7 @@ wxBase64Decode(void *dst_, size_t dstLen,
                 {
                     // force the loop terminate with an error
                     n = -1;
                 {
                     // force the loop terminate with an error
                     n = -1;
-                    srcLen = 0;
+                    srcLen = 1;
                 }
                 break;
 
                 }
                 break;
 
@@ -165,7 +169,7 @@ wxBase64Decode(void *dst_, size_t dstLen,
                 {
                     // nothing is allowed after the end so provoke error return
                     n = -1;
                 {
                     // nothing is allowed after the end so provoke error return
                     n = -1;
-                    srcLen = 0;
+                    srcLen = 1;
                     break;
                 }
 
                     break;
                 }
 
@@ -183,8 +187,15 @@ wxBase64Decode(void *dst_, size_t dstLen,
 
                 // undo the bit shifting done during encoding
                 *dst++ = in[0] << 2 | in[1] >> 4;
 
                 // undo the bit shifting done during encoding
                 *dst++ = in[0] << 2 | in[1] >> 4;
-                *dst++ = in[1] << 4 | in[2] >> 2;
-                *dst++ = in[2] << 6 | in[3];
+
+                // be careful to not overwrite the output buffer with NUL pad
+                // bytes
+                if ( padLen != 2 )
+                {
+                    *dst++ = in[1] << 4 | in[2] >> 2;
+                    if ( !padLen )
+                        *dst++ = in[2] << 6 | in[3];
+                }
             }
 
             n = 0;
             }
 
             n = 0;
@@ -194,7 +205,11 @@ wxBase64Decode(void *dst_, size_t dstLen,
     if ( n )
     {
         if ( posErr )
     if ( n )
     {
         if ( posErr )
-            *posErr = p - src;
+        {
+            // notice that the error was on a previous position as we did one
+            // extra "p++" in the loop line after it
+            *posErr = p - src - 1;
+        }
 
         return wxCONV_FAILED;
     }
 
         return wxCONV_FAILED;
     }
@@ -208,7 +223,7 @@ wxMemoryBuffer wxBase64Decode(const char *src,
                               size_t *posErr)
 {
     wxMemoryBuffer buf;
                               size_t *posErr)
 {
     wxMemoryBuffer buf;
-    wxCHECK_MSG( src, buf, _T("NULL input buffer") );
+    wxCHECK_MSG( src, buf, wxT("NULL input buffer") );
 
     if ( srcLen == wxNO_LEN )
         srcLen = strlen(src);
 
     if ( srcLen == wxNO_LEN )
         srcLen = strlen(src);