mirror of
https://github.com/keepassxreboot/keepassxc.git
synced 2025-01-11 23:39:50 -05:00
Fix bug in Base32::decode and add bounds check
The bug that was fixed, was affecting how the number of bytes of decoded data was calculated and thus, even though it didn't truncate the result, it was causing the array to be resized unnecessarily.
This commit is contained in:
parent
24f560aaa2
commit
c731f8e5c0
@ -83,7 +83,7 @@ QVariant Base32::decode(const QByteArray& encodedData)
|
||||
|
||||
Q_ASSERT(encodedData.size() > 0);
|
||||
const int nQuanta = encodedData.size() / 8;
|
||||
const int nBytes = (nQuanta - 1) * 5 + nSpecialBytes;
|
||||
const int nBytes = nSpecialBytes > 0 ? (nQuanta - 1) * 5 + nSpecialBytes : nQuanta * 5;
|
||||
|
||||
QByteArray data(nBytes, Qt::Uninitialized);
|
||||
|
||||
@ -126,12 +126,17 @@ QVariant Base32::decode(const QByteArray& encodedData)
|
||||
const int offset = (nQuantumBytes - 1) * 8;
|
||||
quint64 mask = quint64(0xFF) << offset;
|
||||
for (int n = offset; n >= 0; n -= 8) {
|
||||
char c = static_cast<char>((quantum & mask) >> n);
|
||||
data[o++] = c;
|
||||
mask >>= 8;
|
||||
if (o < nBytes) {
|
||||
data[o++] = static_cast<char>((quantum & mask) >> n);
|
||||
mask >>= 8;
|
||||
} else {
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Q_ASSERT(nBytes == o);
|
||||
|
||||
return QVariant::fromValue(data);
|
||||
}
|
||||
|
||||
@ -144,6 +149,7 @@ QByteArray Base32::encode(const QByteArray& data)
|
||||
const int nBits = data.size() * 8;
|
||||
const int rBits = nBits % 40; // in {0, 8, 16, 24, 32}
|
||||
const int nQuanta = nBits / 40 + (rBits > 0 ? 1 : 0);
|
||||
const int nBytes = nQuanta * 8;
|
||||
QByteArray encodedData(nQuanta * 8, Qt::Uninitialized);
|
||||
|
||||
int i = 0;
|
||||
@ -211,7 +217,8 @@ QByteArray Base32::encode(const QByteArray& data)
|
||||
}
|
||||
}
|
||||
|
||||
Q_ASSERT(encodedData.size() == o);
|
||||
Q_ASSERT(data.size() == i);
|
||||
Q_ASSERT(nBytes == o);
|
||||
return encodedData;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user