Check `sizeof(base64_dec_tab)` in base64 encoding; fix #3947

The issue (and the fix) reported by https://hackerone.com/aerodudrizzt
parent 74837530
......@@ -806,7 +806,7 @@ unpack_m(mrb_state *mrb, const void *src, int slen, mrb_value ary, unsigned int
ch[i] = 0;
padding++;
}
} while (ch[i] == PACK_BASE64_IGNORE);
} while (c >= sizeof(base64_dec_tab) || ch[i] == PACK_BASE64_IGNORE);
}
l = (ch[0] << 18) + (ch[1] << 12) + (ch[2] << 6) + ch[3];
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment