improve base64 encode

- better data source too large check - could write up to three bytes too far in worst case - remove dead base64.h - add an assert for overflow see https://github.com/libvips/libvips/issues/1263
2019-03-20 12:50:44 +00:00 · 2019-03-20 12:50:44 +00:00 · d7f9ad8b41
commit d7f9ad8b41
parent 16d6e995a3
3 changed files with 11 additions and 33 deletions
--- a/libvips/iofuncs/Makefile.am
+++ b/libvips/iofuncs/Makefile.am
@ -9,7 +9,6 @@ libiofuncs_la_SOURCES = \
 	gate.c \
 	enumtypes.c \
 	object.c \
-	base64.h \
 	base64.c \
 	error.c \
 	image.c \
--- a/libvips/iofuncs/base64.c
+++ b/libvips/iofuncs/base64.c
@ -67,6 +67,10 @@ Modified on:
 31/5/15
 	- oops siged/unsigned mess-up meant we were not padding correctly

+20/3/19
+	- larger output allocate
+	- better max size check
+
 */

 /*
@ -84,8 +88,7 @@ Modified on:
 #include <assert.h>

 #include <vips/vips.h>
-
-#include "base64.h"
+#include <vips/internal.h>

 static unsigned char b64_list[] =
 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
@ -159,20 +162,20 @@ char *
 vips__b64_encode( const unsigned char *data, size_t data_length )
 {
 	/* Worst case: 1.333 chars per byte, plus 10% for extra carriage 
-	 * returns and stuff. And the \n\0 at the end.
+	 * returns and stuff, plus the final \n\0.
 	 */
-	const size_t output_data_length = data_length * 44 / 30 + 2;
+	const size_t output_data_length = data_length * 44 / 30 + 10;

 	char *buffer;
 	char *p;
 	int i;
 	int cursor;

-	if( output_data_length > 10 * 1024 * 1024 ) {
+	if( data_length > 10 * 1024 * 1024 ) {
 		/* We shouldn't really be used for large amounts of data, plus
 		 * we are using int offsets.
 		 *
-		 * A large ICC profile can be 1MB, so allow 10MB of b64.
+		 * A large ICC profile can be 1MB, so allow 10MB.
 		 */
 		vips_error( "vips__b64_encode", "%s", _( "too much data" ) );
 		return( NULL );
@ -202,6 +205,8 @@ vips__b64_encode( const unsigned char *data, size_t data_length )
 		*p++ = '\n';
 	*p++ = '\0';

+	g_assert( (size_t) (p - buffer) < output_data_length );
+
 #ifdef DEBUG
 {
 	unsigned int total;
--- a/libvips/iofuncs/base64.h
+++ b/libvips/iofuncs/base64.h
@ -1,26 +0,0 @@
-/*
-
-    Copyright (C) 1991-2005 The National Gallery
-
-    This library is free software; you can redistribute it and/or
-    modify it under the terms of the GNU Lesser General Public
-    License as published by the Free Software Foundation; either
-    version 2.1 of the License, or (at your option) any later version.
-
-    This library is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU 
-    Lesser General Public License for more details.
-
-    You should have received a copy of the GNU Lesser General Public
-    License along with this library; if not, write to the Free Software
-    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
-    02110-1301  USA
-
- */
-
-/* base64 encode/decode functions. 
- */
-
-char *im__b64_encode( const unsigned char *data, size_t data_length );
-unsigned char *im__b64_decode( const char *buffer, size_t *data_length );