Comments (5)
cyb70289
commented on May 26, 2024
4
"a" isn't valid base64 string to decode.
Indeed. But IMO invalid input should not cause undefined behaviour to a lib.
from cpp-base64.
ReneNyffenegger
commented on May 26, 2024
1
I've replaced encoded_string[] with encoded_string.at() in decode() (38c6315)
from cpp-base64.
Satancito
commented on May 26, 2024
"a" isn't valid base64 string to decode.
from cpp-base64.
pke
commented on May 26, 2024
I have to agree with @cyb70289 here. A lib should never trust user input. It should validate everything and all the time. If "a" isn't a valid base64 string to decode then the lib has to properly throw and not just crash (and introduce potential security risks by doing this).
The test suite for this lib would have to be brought up to another level to reveal all those security flaws properly. Starting by adding a regression test for this bug. Irrc the google-test library could also detect invalid memory access, but I would have to check the docs again.
from cpp-base64.
BullyWiiPlaza
commented on May 26, 2024
Agreed, why not replace *all* direct array accesses with calls to at(): Saying this is "slow" is really counter-productive and hides severe bugs such as out of bounds accesses that should not go unnoticed. Also, modern compilers might remove redundant bounds checks anyway. In literally every other language these types of bugs would throw an exception but in C/C++ we prefer to be oblivious? I hope this change will be applied at least @ReneNyffenegger
from cpp-base64.
Related Issues (20)
- Decoding throws const char* exception: If input is correct, this line should never be reached. HOT 1
- base64_encode is unsafe in multi-threaded environments HOT 1
- Create tags HOT 3
- Throw std::runtime_error instead of const char * HOT 3
- undefined reference to `base64_encode[abi:cxx11](unsigned char const*, unsigned int, bool)' HOT 2
- Buffer Overrun HOT 6
- How to build and install the base64 libraries ? HOT 2
- Test.cpp wrong expected result HOT 1
- The way of parameter passing HOT 1
- Can't able to base-64 encode for Japanese characters
- my mistake
- No output while runing test HOT 1
- Can I use this project to encrypt or decrypt a file? HOT 2
- Padding of urls HOT 1
- Decode does not safely handle strings of size not multiple of 4 HOT 1
- can't decode base64-encoded data with linebreaks HOT 1
- space truncation
- License under BSD 3-clause (or another established license)
- undefined reference to base64_encode
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cpp-base64.