Denis, On 10/21/20 14:53, Denis Kovalchuk wrote: > Hello. > > If I am not mistaken, there is an undefined behavior in apr_pbase64_encode() > function: > > encoded = (char *) apr_palloc(p, apr_base64_encode_len(l)); > l = apr_base64_encode(encoded, string, l); > encoded[l] = '\0'; /* make binary sequence into string */ > > encoded[l] is out of bounds, because apr_base64_encode() returns the length of > the encoded string, including '\0'.
This is not out-of-bounds. It's just useless. There is no UB here. > As far as I understand, there is no need to > set '\0' at all, because apr_base64_encode() already appends it. Based on > this, > I suggest to get rid of the explicit '\0' setting. +1 It looks like r1780034 fixed the initial patch (r1490248) to remove an extra byte from the char array, but failed to see that there was another mistake in there. -chris
