Bug 492779: Added comments to plbase64.h to explain how to avoid PRUint32
authorwtc%google.com
Fri, 22 May 2009 04:17:38 +0000
changeset 4126 c0220cbc4c0965d1ec51b1166e3a7069d6ed691d
parent 4125 a27d0002986a842df9efd590f89a31052ea3309a
child 4135 b70d5dd1d00cee41c886145cf6c50f3799b78955
push idunknown
push userunknown
push dateunknown
bugs492779
Bug 492779: Added comments to plbase64.h to explain how to avoid PRUint32 overflow when calculating destination buffer sizes. Call strlen instead of PL_strlen so we can detect size_t to PRUint32 truncations. Changed PL_Base64Decode to use the exact same formula documented in the header. r=nelson. Modified Files: plbase64.h base64.c
lib/libc/include/plbase64.h
--- a/lib/libc/include/plbase64.h
+++ b/lib/libc/include/plbase64.h
@@ -52,16 +52,20 @@ PR_BEGIN_EXTERN_C
  * is used to determine the source length.  If the "dest" parameter is not
  * null, it is assumed to point to a buffer of sufficient size (which may be
  * calculated: ((srclen + 2)/3)*4) into which the encoded data is placed 
  * (without any termination).  If the "dest" parameter is null, a buffer is
  * allocated from the heap to hold the encoded data, and the result *will*
  * be terminated with an extra null character.  It is the caller's 
  * responsibility to free the result when it is allocated.  A null is returned 
  * if the allocation fails.
+ *
+ * NOTE: when calculating ((srclen + 2)/3)*4), first ensure that
+ *     srclen <= (PR_UINT32_MAX/4) * 3
+ * to avoid PRUint32 overflow.
  */
 
 PR_EXTERN(char *)
 PL_Base64Encode
 (
     const char *src,
     PRUint32    srclen,
     char       *dest
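Review bot: The added NOTE writes the formula as `((srclen + 2)/3)*4)`, with one closing parenthesis too many; it should read `((srclen + 2)/3)*4` to match the paragraph above it. The note also does not say why the bound matters. The comment states that a non-null "dest" is assumed to be large enough, so a wrapped size calculation leaves the caller with an undersized buffer that the encoder would then write past. I would add a line such as ` * A wrapped result yields a "dest" that is too small for the encoded output.` The same consequence applies to the NOTE added for PL_Base64Decode in the next hunk. The PL_Base64Encode declaration continues outside this hunk.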
@@ -78,16 +82,22 @@ PL_Base64Encode
  * length.  If the "dest" parameter is not null, it is assumed to point to
  * a buffer of sufficient size (which may be calculated: (srclen * 3)/4
  * when srclen includes the '=' characters) into which the decoded data
  * is placed (without any termination).  If the "dest" parameter is null,
  * a buffer is allocated from the heap to hold the decoded data, and the
  * result *will* be terminated with an extra null character.  It is the
  * caller's responsibility to free the result when it is allocated.  A null
  * is retuned if the allocation fails, or if the source is not well-coded.
+ *
+ * NOTE: when calculating (srclen * 3)/4, first ensure that 
+ *     srclen <= PR_UINT32_MAX/3
+ * to avoid PRUint32 overflow.  Alternatively, calculate
+ *     (srclen/4) * 3 + ((srclen%4) * 3)/4
+ * which is equivalent but doesn't overflow for any value of srclen.
  */
 
 PR_EXTERN(char *)
 PL_Base64Decode
 (
     const char *src,
     PRUint32    srclen,
     char       *dest
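Review bot: The paragraph above the added NOTE still presents `(srclen * 3)/4` as the way to size "dest", and the overflow-free form appears only as an alternative at the end. Since `(srclen/4) * 3 + ((srclen%4) * 3)/4` needs no precondition, I would give it as the recommended calculation and describe `srclen <= PR_UINT32_MAX/3` as the condition under which the shorter form is valid. The commit message says PL_Base64Decode now uses "the exact same formula documented in the header", but base64.c is not visible here, so the comment should state which of the two that is. Minor: the added line ending in `first ensure that ` carries trailing whitespace. The PL_Base64Decode declaration continues outside this hunk.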