From 80ea0028c7ba35e6a267e1778eab78a3ee82e8b9 Mon Sep 17 00:00:00 2001 From: Jeremy Nimmer Date: Tue, 10 Feb 2026 07:01:22 -0800 Subject: [PATCH] Fix DecodeBase64 to reject truncated input If the input doesn't have the proper number of encoding characters (a multiple of 4), return an empty result. Co-Authored-By: Sean Curtis --- src/binary.cpp | 13 ++++++++++--- test/binary_test.cpp | 6 ++++++ 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/src/binary.cpp b/src/binary.cpp index d27762a..a3ea0b2 100644 --- a/src/binary.cpp +++ b/src/binary.cpp @@ -74,7 +74,8 @@ std::vector DecodeBase64(const std::string &input) { unsigned char *out = &ret[0]; unsigned value = 0; - for (std::size_t i = 0, cnt = 0; i < input.size(); i++) { + std::size_t cnt = 0; + for (std::size_t i = 0; i < input.size(); i++) { if (std::isspace(static_cast(input[i]))) { // skip newlines continue; @@ -84,14 +85,20 @@ std::vector DecodeBase64(const std::string &input) { return ret_type(); value = (value << 6) | d; - if (cnt % 4 == 3) { + if (cnt == 3) { *out++ = value >> 16; if (i > 0 && input[i - 1] != '=') *out++ = value >> 8; if (input[i] != '=') *out++ = value; + cnt = 0; + } else { + ++cnt; } - ++cnt; + } + if (cnt != 0) { + // An invalid number of characters were encountered. + return ret_type(); } ret.resize(out - &ret[0]); diff --git a/test/binary_test.cpp b/test/binary_test.cpp index 7b17823..9d7f271 100644 --- a/test/binary_test.cpp +++ b/test/binary_test.cpp @@ -12,3 +12,9 @@ TEST(BinaryTest, DecodingNoCrashOnNegative) { const std::vector &result = YAML::DecodeBase64(input); EXPECT_TRUE(result.empty()); } + +TEST(BinaryTest, DecodingTooShort) { + std::string input{90, 71, 86, 104, 90, 71, 74, 108, 90, 87, 89}; + const std::vector &result = YAML::DecodeBase64(input); + EXPECT_TRUE(result.empty()); +}