202182 - Base64InputStream throws EOFException on valid input

Status: RESOLVED FIXED

(JSS Graveyard :: Library, defect)

Description

[Jamie Nicolson]

Base64InputStream throws an EOFException on the following valid input:

SW4gdGhlIG1lbW9yeSB5b3UnbGwgZmluZCBtZSwgZXllcyBidX
JuaW5nIHVwLgpUaGUgZGFya25lc3MgaG9sZGluZyBtZSB0aWdo
dGx5LCB1bnRpbCB0aGUgc3VuIHJpc2VzIHVwLgo=

read(byte[], int, int) calls read() repeatedly to get one character of output at
a time. When it gets the final '=', read() returns -1 to signal end of file. But
read(byte[], int, int) already has valid data in its buffer from all the
previous calls to read(), so it returns a positive number. Since the application
hasn't received a -1 (EOF) yet, it calls read(byte[], int, int) again, which
calls read(). But now the state machine is in an invalid state, because it still
thinks it is looking for the 4th character in a 4-byte base64 block. It sees the
end-of-file, which is invalid for that position in the state machine, and throws
an exception.

Comment 1

[Jamie Nicolson]

Attachment: patch

The solution is to record the end-of-file condition as a separate state in the
state machine. When read() sees a '=' or end-of-file, it sets its state to an
end-of-file state. The next time it is called it realizes it is already at
end-of-file and just returns -1.

Comment 2

[Jamie Nicolson]

Fixed on the trunk:

/cvsroot/mozilla/security/jss/org/mozilla/jss/util/Base64InputStream.java,v  <--
 Base64InputStream.java
new revision: 1.3; previous revision: 1.2

Comment 3

[Jamie Nicolson]

This won't make it into 3.3, but it will be in 3.4.