From 96dc934241ec9a6227dff32304e575652bb655c5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Helleu?= Date: Sun, 11 May 2025 15:23:22 +0200 Subject: [PATCH] core: fix integer overflow in base32 encoding/decoding --- ChangeLog.adoc | 1 + src/core/wee-string.c | 6 ++++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ChangeLog.adoc b/ChangeLog.adoc index ed02aeede..3e7fcd4cf 100644 --- a/ChangeLog.adoc +++ b/ChangeLog.adoc @@ -20,6 +20,7 @@ https://weechat.org/files/releasenotes/ReleaseNotes-devel.html[release notes] Bug fixes:: + * core: fix integer overflow in base32 encoding/decoding * core: fix integer overflow with decimal numbers in calculation of expression * core, plugins: fix integer overflow in loops (issue #2178) * core: fix crash in case of NULL message sent to function gui_chat_printf_y_date_tags (issue #1883) diff --git a/src/core/wee-string.c b/src/core/wee-string.c index f7d46179b..75309c3c2 100644 --- a/src/core/wee-string.c +++ b/src/core/wee-string.c @@ -3416,7 +3416,8 @@ int string_base32_encode (const char *from, int length, char *to) { unsigned char base32_table[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"; - int count, value, next, bits_left, pad, index; + unsigned int value; + int count, next, bits_left, pad, index; int length_padding[8] = { 0, 0, 6, 0, 4, 3, 0, 2 }; if (!from || !to) @@ -3494,7 +3495,8 @@ int string_base32_decode (const char *from, char *to) { const char *ptr_from; - int value, bits_left, count; + int bits_left, count; + unsigned int value; unsigned char c; if (!from || !to)