git.ipfire.org Git - thirdparty/coreutils.git/commit

author	Pádraig Brady <P@draigBrady.com>
	Tue, 23 Sep 2025 14:38:51 +0000 (15:38 +0100)
committer	Pádraig Brady <P@draigBrady.com>
	Tue, 23 Sep 2025 19:35:34 +0000 (20:35 +0100)
commit	2ef53e5b0477f9d9361a11a471d704a96b1c99b8
tree	43174c68c87900e7b95649a97df382f74fb7e258	tree \| snapshot
parent	d766efc7e438253914b0bb1b4e22525ecc0b5903	commit \| diff

basenc: --base58: fix buffer overflow with input > 15MB

base58_length() operated naively on an int
which resulted in an overflow to a negative number
for any input > 2^31-1/138, i.e. 15,561,475 bytes.

* src/basenc.c (base_length): Change input and output
parameter types from int to idx_t since this needs to
cater for the full input size in the base58 case.
(base58_length): Likewise. Also reorder the calculation
to be less exact, but doing the division first
to minimize the chance of overflow (which now on 64 bit
would only happen for inputs > around 6 Exa bytes).
* tests/basenc/basenc-large.sh: Add a new test,
that triggers with valgrind or ASAN.
* tests/local.mk: Reference the new test.
* NEWS: Mention the bug fix.

NEWS		diff \| blob \| blame \| history
src/basenc.c		diff \| blob \| blame \| history
tests/basenc/basenc-large.sh	[new file with mode: 0755]	blob
tests/local.mk		diff \| blob \| blame \| history