From 6ecd9e66bf9578073f5a99ecd46bede8b693de7c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Helleu?= <flashcode@flashtux.org>
Date: Sat, 10 May 2025 15:28:41 +0200
Subject: [PATCH] core: fix buffer overflow in function eval_string_base_encode

---
 CHANGELOG.md         | 1 +
 src/core/core-eval.c | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 65bae90a9..f578edf3e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -29,6 +29,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
 - core: fix integer overflow in base32 encoding/decoding
 - core: fix buffer overflow in function util_parse_time
 - core: fix buffer overflow in function eval_syntax_highlight_colorize
+- core: fix buffer overflow in function eval_string_base_encode
 - core: fix memory leak in function util_parse_delay
 - irc: display nick changes and quit messages when option irc.look.ignore_tag_messages is enabled ([#2241](https://github.com/weechat/weechat/issues/2241))
 - perl: fix build when multiplicity is not available ([#2243](https://github.com/weechat/weechat/issues/2243))
diff --git a/src/core/core-eval.c b/src/core/core-eval.c
index 438f274df..3a37ce064 100644
--- a/src/core/core-eval.c
+++ b/src/core/core-eval.c
@@ -896,7 +896,7 @@ eval_string_base_encode (const char *text)
 
     ptr_string++;
     length = strlen (ptr_string);
-    result = malloc ((length * 4) + 1);
+    result = malloc ((length * 4) + 8 + 1);
     if (!result)
         goto end;