]> git.saurik.com Git - wxWidgets.git/blobdiff - src/common/base64.cpp
fixing overrelease and out-of-bounds write, fixes #13725
[wxWidgets.git] / src / common / base64.cpp
index 8ac4ebcadf9e94b84f4db10be61d98dcf9534301..d83daee68236e4ccc8598377a42c7dfbc20a9c44 100644 (file)
@@ -20,7 +20,7 @@
 size_t
 wxBase64Encode(char *dst, size_t dstLen, const void *src_, size_t srcLen)
 {
-    wxCHECK_MSG( src_, wxCONV_FAILED, _T("NULL input buffer") );
+    wxCHECK_MSG( src_, wxCONV_FAILED, wxT("NULL input buffer") );
 
     const unsigned char *src = static_cast<const unsigned char *>(src_);
 
@@ -73,7 +73,7 @@ wxBase64Decode(void *dst_, size_t dstLen,
                wxBase64DecodeMode mode,
                size_t *posErr)
 {
-    wxCHECK_MSG( src, wxCONV_FAILED, _T("NULL input buffer") );
+    wxCHECK_MSG( src, wxCONV_FAILED, wxT("NULL input buffer") );
 
     unsigned char *dst = static_cast<unsigned char *>(dst_);
 
@@ -187,8 +187,15 @@ wxBase64Decode(void *dst_, size_t dstLen,
 
                 // undo the bit shifting done during encoding
                 *dst++ = in[0] << 2 | in[1] >> 4;
-                *dst++ = in[1] << 4 | in[2] >> 2;
-                *dst++ = in[2] << 6 | in[3];
+
+                // be careful to not overwrite the output buffer with NUL pad
+                // bytes
+                if ( padLen != 2 )
+                {
+                    *dst++ = in[1] << 4 | in[2] >> 2;
+                    if ( !padLen )
+                        *dst++ = in[2] << 6 | in[3];
+                }
             }
 
             n = 0;
@@ -216,7 +223,7 @@ wxMemoryBuffer wxBase64Decode(const char *src,
                               size_t *posErr)
 {
     wxMemoryBuffer buf;
-    wxCHECK_MSG( src, buf, _T("NULL input buffer") );
+    wxCHECK_MSG( src, buf, wxT("NULL input buffer") );
 
     if ( srcLen == wxNO_LEN )
         srcLen = strlen(src);