mirror of
https://github.com/LadybirdBrowser/ladybird.git
synced 2024-12-26 20:55:35 +03:00
AK: Don't crash on invalid Base64 input
In the long-term, we should probably have a way to signal decoding failure. For now, it should suffice to at least not crash. This is particularly relevant because apparently this can be triggered while parsing a PEM certificate, which happens during every TLS connection. Found by OSS Fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38979
This commit is contained in:
parent
20f73d2abc
commit
3bf1f7ae87
Notes:
sideshowbarker
2024-07-18 03:20:18 +09:00
Author: https://github.com/BenWiederhake Commit: https://github.com/SerenityOS/serenity/commit/3bf1f7ae874 Pull-request: https://github.com/SerenityOS/serenity/pull/10590 Reviewed-by: https://github.com/linusg
@ -61,7 +61,7 @@ ByteBuffer decode_base64(const StringView& input)
|
||||
*is_padding = true;
|
||||
return 0;
|
||||
}
|
||||
return table[input[offset]];
|
||||
return table[static_cast<unsigned char>(input[offset])];
|
||||
};
|
||||
|
||||
Vector<u8> output;
|
||||
|
@ -27,6 +27,14 @@ TEST_CASE(test_decode)
|
||||
decode_equal("Zm9vYmFy", "foobar");
|
||||
}
|
||||
|
||||
TEST_CASE(test_decode_nocrash)
|
||||
{
|
||||
// Any output is fine, we only check that we don't crash here.
|
||||
decode_base64(StringView("asdf\xffqwer"));
|
||||
decode_base64(StringView("asdf\x80qwer"));
|
||||
// TODO: Handle decoding failure.
|
||||
}
|
||||
|
||||
TEST_CASE(test_encode)
|
||||
{
|
||||
auto encode_equal = [&](const char* input, const char* expected) {
|
||||
|
Loading…
Reference in New Issue
Block a user