]> git.saurik.com Git - wxWidgets.git/blobdiff - src/common/base64.cpp
fixing overrelease and out-of-bounds write, fixes #13725
[wxWidgets.git] / src / common / base64.cpp
index 2832bffb3b8dc9c44fd042f5b56bde938abd4382..d83daee68236e4ccc8598377a42c7dfbc20a9c44 100644 (file)
@@ -9,6 +9,10 @@
 
 #include "wx/wxprec.h"
 
+#ifdef __BORLANDC__
+    #pragma hdrstop
+#endif
+
 #if wxUSE_BASE64
 
 #include "wx/base64.h"
@@ -16,9 +20,9 @@
 size_t
 wxBase64Encode(char *dst, size_t dstLen, const void *src_, size_t srcLen)
 {
-    wxCHECK_MSG( src_, wxCONV_FAILED, _T("NULL input buffer") );
+    wxCHECK_MSG( src_, wxCONV_FAILED, wxT("NULL input buffer") );
 
-    const unsigned char *src = wx_static_cast(const unsigned char *, src_);
+    const unsigned char *src = static_cast<const unsigned char *>(src_);
 
     static const char b64[] =
         "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
@@ -69,9 +73,9 @@ wxBase64Decode(void *dst_, size_t dstLen,
                wxBase64DecodeMode mode,
                size_t *posErr)
 {
-    wxCHECK_MSG( src, wxCONV_FAILED, _T("NULL input buffer") );
+    wxCHECK_MSG( src, wxCONV_FAILED, wxT("NULL input buffer") );
 
-    unsigned char *dst = wx_static_cast(unsigned char *, dst_);
+    unsigned char *dst = static_cast<unsigned char *>(dst_);
 
     size_t decLen = 0;
 
@@ -118,7 +122,7 @@ wxBase64Decode(void *dst_, size_t dstLen,
     const char *p;
     for ( p = src; srcLen; p++, srcLen-- )
     {
-        const unsigned char c = decode[wx_static_cast(unsigned char, *p)];
+        const unsigned char c = decode[static_cast<unsigned char>(*p)];
         switch ( c )
         {
             case WSP:
@@ -183,8 +187,15 @@ wxBase64Decode(void *dst_, size_t dstLen,
 
                 // undo the bit shifting done during encoding
                 *dst++ = in[0] << 2 | in[1] >> 4;
-                *dst++ = in[1] << 4 | in[2] >> 2;
-                *dst++ = in[2] << 6 | in[3];
+
+                // be careful to not overwrite the output buffer with NUL pad
+                // bytes
+                if ( padLen != 2 )
+                {
+                    *dst++ = in[1] << 4 | in[2] >> 2;
+                    if ( !padLen )
+                        *dst++ = in[2] << 6 | in[3];
+                }
             }
 
             n = 0;
@@ -212,7 +223,7 @@ wxMemoryBuffer wxBase64Decode(const char *src,
                               size_t *posErr)
 {
     wxMemoryBuffer buf;
-    wxCHECK_MSG( src, buf, _T("NULL input buffer") );
+    wxCHECK_MSG( src, buf, wxT("NULL input buffer") );
 
     if ( srcLen == wxNO_LEN )
         srcLen = strlen(src);