clang-10 analyzer reports following:
base64.c:325:20: warning: Array access (from variable 'target') results in a null pointer dereference
target[tarindex] = 0;
~~~~~~ ^
and prepared test case confirms it:
Invalid write of size 1
at 0x4E4463F: b64_decode (base64.c:325)
by 0x40088C: test_invalid_inputs (tests/test-base64.c:26)
by 0x40088C: main (tests/test-base64.c:32)
Address 0x1 is not stack'd, malloc'd or (recently) free'd
Process terminating with default action of signal 11 (SIGSEGV)
Access not within mapped region at address 0x1
at 0x4E4463F: b64_decode (base64.c:325)
by 0x40088C: test_invalid_inputs (tests/test-base64.c:26)
by 0x40088C: main (tests/test-base64.c:32)
Signed-off-by: Petr Štetiar <ynezz@true.cz>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+
+#include "assert.h"
#include "utils.h"
static const char Base64[] =
u_char output[4];
size_t i;
+ assert(dest && targsize > 0);
+
while (2 < srclength) {
input[0] = *src++;
input[1] = *src++;
state = 0;
tarindex = 0;
+ assert(dest && targsize > 0);
+
while ((ch = (unsigned char)*src++) != '\0') {
if (isspace(ch)) /* Skip whitespace anywhere. */
continue;
4 foob
5 fooba
6 foobar
+
+check that b64_encode and b64_decode assert invalid input
+
+ $ alias check="egrep '(dumped|Assertion)' | sed 's;.*\(b64_.*code\).*\(Assertion.*$\);\1: \2;' | LC_ALL=C sort"
+
+ $ test-b64_decode 2>&1 | check
+ Aborted (core dumped)
+ b64_decode: Assertion `dest && targsize > 0' failed.
+
+ $ test-b64_encode 2>&1 | check
+ Aborted (core dumped)
+ b64_encode: Assertion `dest && targsize > 0' failed.
--- /dev/null
+#include "utils.h"
+
+int main()
+{
+ b64_decode("Zg==", NULL, 2);
+ return 0;
+}
--- /dev/null
+#include "utils.h"
+
+int main()
+{
+ b64_encode("foo", 3, NULL, 2);
+ return 0;
+}
projects / oweals / libubox.git / commitdiff