From 5f311ddc7844b5817356b0297bf8b5f5e8087bdc Mon Sep 17 00:00:00 2001 From: bakkeby Date: Tue, 24 Mar 2020 14:21:08 +0100 Subject: [PATCH] base64dec: don't read out of bounds (0b2eb9) --- st.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/st.c b/st.c index dfb56e0..bbf63fe 100644 --- a/st.c +++ b/st.c @@ -388,7 +388,7 @@ char base64dec_getc(const char **src) { while (**src && !isprint(**src)) (*src)++; - return *((*src)++); + return **src ? *((*src)++) : '='; /* emulate padding if string ends */ } char * @@ -406,6 +406,10 @@ base64dec(const char *src) int c = base64_digits[(unsigned char) base64dec_getc(&src)]; int d = base64_digits[(unsigned char) base64dec_getc(&src)]; + /* invalid input. 'a' can be -1, e.g. if src is "\n" (c-str) */ + if (a == -1 || b == -1) + break; + *dst++ = (a << 2) | ((b & 0x30) >> 4); if (c == -1) break;