Bug#801584: libb64: off-by-one buffer over-read in base64_decode_value()

Jakub Wilk Mon, 12 Oct 2015 02:39:26 -0700

Source: libb64
Version: 1.2-3
Tags: patch

As reported in <https://bugs.launchpad.net/bugs/1501176>, there's anoff-by-one buffer over-read in base64_decode_value().


--
Jakub Wilk

--- a/src/cdecode.c
+++ b/src/cdecode.c
@@ -13,7 +13,7 @@
 	static const char decoding_size = sizeof(decoding);
 	if (value_in < 43) return -1;
 	value_in -= 43;
-	if (value_in > decoding_size) return -1;
+	if (value_in >= decoding_size) return -1;
 	return decoding[(int)value_in];
 }

Bug#801584: libb64: off-by-one buffer over-read in base64_decode_value()

Reply via email to