PL_Base64Decode bad memory dereference if passed a 0-length string

RESOLVED FIXED in 4.2

Status

defect
P1
normal
RESOLVED FIXED
18 years ago
18 years ago

People

(Reporter: rogc, Assigned: wtc)

Tracking

x86
Windows 2000

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment, 1 obsolete attachment)

Reporter

Description

18 years ago
PL_Base64Code will index into its input string with a negative
offset if you pass in an empty string.
Reporter

Comment 1

18 years ago
Posted patch A possible fix (obsolete) — Splinter Review
Here's a fix.  Let me know if you'd like me to check it in.
Assignee

Comment 2

18 years ago
Comment on attachment 77345 [details] [diff] [review]
A possible fix

Your fix is correct.  Thanks.
Attachment #77345 - Flags: review+
Assignee

Comment 3

18 years ago
Fix checked in.
Status: NEW → RESOLVED
Closed: 18 years ago
Priority: -- → P1
Resolution: --- → FIXED
Target Milestone: --- → 4.2
Assignee

Comment 4

18 years ago
I added parentheses around 0 == (srclen & 3).  gcc likes that better.
Assignee

Updated

18 years ago
Attachment #77345 - Attachment is obsolete: true
Reporter

Comment 5

18 years ago
Cool.  Thanks, Wan-Teh!!

-Roger
You need to log in before you can comment on or make changes to this bug.