@@ -65,6 +65,8 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+
+#include "assert.h"
#include "utils.h"
static const char Base64[] =
@@ -144,6 +146,8 @@ int b64_encode(const void *_src, size_t srclength,
u_char output[4];
size_t i;
+ assert(dest && targsize > 0);
+
while (2 < srclength) {
input[0] = *src++;
input[1] = *src++;
@@ -208,6 +212,8 @@ int b64_decode(const void *_src, void *dest, size_t targsize)
state = 0;
tarindex = 0;
+ assert(dest && targsize > 0);
+
while ((ch = (unsigned char)*src++) != '\0') {
if (isspace(ch)) /* Skip whitespace anywhere. */
continue;
@@ -8,3 +8,5 @@ ENDMACRO(ADD_UNIT_TEST)
ADD_UNIT_TEST(avl)
ADD_UNIT_TEST(b64)
+ADD_UNIT_TEST(b64_encode)
+ADD_UNIT_TEST(b64_decode)
@@ -25,3 +25,5 @@ ENDMACRO(ADD_CRAM_TEST_ENV)
ADD_CRAM_TEST_ENV(JSHN jshn)
ADD_CRAM_TEST_ENV(TEST_AVL test-avl)
ADD_CRAM_TEST_ENV(TEST_B64 test-b64)
+ADD_CRAM_TEST_ENV(TEST_B64_ENCODE test-b64_encode)
+ADD_CRAM_TEST_ENV(TEST_B64_DECODE test-b64_decode)
@@ -15,3 +15,11 @@ check that base64 is producing expected results:
4 foob
5 fooba
6 foobar
+
+ $ $TEST_B64_DECODE 2>&1 | cut -d : -f4-
+ b64_decode: Assertion `dest && targsize > 0' failed.
+ Aborted (core dumped)
+
+ $ $TEST_B64_ENCODE 2>&1 | cut -d : -f4-
+ b64_encode: Assertion `dest && targsize > 0' failed.
+ Aborted (core dumped)
new file mode 100644
@@ -0,0 +1,7 @@
+#include "utils.h"
+
+int main()
+{
+ b64_decode("Zg==", NULL, 2);
+ return 0;
+}
new file mode 100644
@@ -0,0 +1,7 @@
+#include "utils.h"
+
+int main()
+{
+ b64_encode("foo", 3, NULL, 2);
+ return 0;
+}
clang-10 analyzer reports following: base64.c:325:20: warning: Array access (from variable 'target') results in a null pointer dereference target[tarindex] = 0; ~~~~~~ ^ and prepared test case confirms it: Invalid write of size 1 at 0x4E4463F: b64_decode (base64.c:325) by 0x40088C: test_invalid_inputs (tests/test-base64.c:26) by 0x40088C: main (tests/test-base64.c:32) Address 0x1 is not stack'd, malloc'd or (recently) free'd Process terminating with default action of signal 11 (SIGSEGV) Access not within mapped region at address 0x1 at 0x4E4463F: b64_decode (base64.c:325) by 0x40088C: test_invalid_inputs (tests/test-base64.c:26) by 0x40088C: main (tests/test-base64.c:32) Signed-off-by: Petr Štetiar <ynezz@true.cz> --- base64.c | 6 ++++++ tests/CMakeLists.txt | 2 ++ tests/cram/CMakeLists.txt | 2 ++ tests/cram/test_base64.t | 8 ++++++++ tests/test-b64_decode.c | 7 +++++++ tests/test-b64_encode.c | 7 +++++++ 6 files changed, 32 insertions(+) create mode 100644 tests/test-b64_decode.c create mode 100644 tests/test-b64_encode.c