Calling function 'PL_Base64Decode()' (defined in 'nsprpub/lib/libc/src/base64.c') with *src == '\0' and srclen == 0, has undefined behaviour instead of returning *dest == '\0'. The bug is in function 'decode()', which, if called with srclen == 0, does not initialize return value in 'rv'.
Fred, could you take a look at this bug? :-) Thanks.
Assignee: wtc → roeber
The patch looks great. Someone with a star on his belly, check it in.
Assignee: roeber → wtc
Thanks, Fred. I checked in the patch on the main trunk. /cvsroot/mozilla/nsprpub/lib/libc/src/base64.c, revision 3.5
Status: UNCONFIRMED → RESOLVED
Last Resolved: 19 years ago
OS: Linux → All
Hardware: PC → All
Resolution: --- → FIXED
Target Milestone: --- → 4.1
The fix is still not in the nightly mozilla build. (BTW, you might move the default clause in decode() above 'case 1:', to avoid the gcc warning.)
The fix is only checked into the tip of NSPR. Mozilla is using the NSPRPUB_CLIENT_BRANCH of NSPR, which doesn't have this fix. Do you think this is an important fix that Mozilla must pick up now? Can it wait until Mozilla upgrades to NSPR 4.1? (Mozilla is using NSPR 4.0.2 Beta right now.) > (BTW, you might move the default clause in decode() > above 'case 1:', to avoid the gcc warning.) I don't understand. Could you explain what the gcc warning is and why moving the default clause in decode() above 'case 1:' would avoid it? Thanks.
You need to log in before you can comment on or make changes to this bug.