From ca6035f7546621b1218197c8ba5760b1e2e5e534 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Helleu?= Date: Mon, 5 May 2025 20:43:21 +0200 Subject: [PATCH] core: fix integer overflow in base32 encoding/decoding --- CHANGELOG.md | 1 + src/core/core-string.c | 6 ++++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index bd46934d5..3e3178e4f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -20,6 +20,7 @@ SPDX-License-Identifier: GPL-3.0-or-later - core: add refresh of window title on buffer switch, when option weechat.look.window_title is set - core: consider all keys are safe in cursor context ([#2244](https://github.com/weechat/weechat/issues/2244)) - core: fix integer overflow with decimal numbers in calculation of expression +- core: fix integer overflow in base32 encoding/decoding - irc: display nick changes and quit messages when option irc.look.ignore_tag_messages is enabled ([#2241](https://github.com/weechat/weechat/issues/2241)) - perl: fix build when multiplicity is not available ([#2243](https://github.com/weechat/weechat/issues/2243)) diff --git a/src/core/core-string.c b/src/core/core-string.c index 060ee0a8a..4254370f6 100644 --- a/src/core/core-string.c +++ b/src/core/core-string.c @@ -3572,7 +3572,8 @@ int string_base32_encode (const char *from, int length, char *to) { unsigned char base32_table[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"; - int count, value, next, bits_left, pad, index; + unsigned int value; + int count, next, bits_left, pad, index; int length_padding[8] = { 0, 0, 6, 0, 4, 3, 0, 2 }; if (!from || !to) @@ -3650,7 +3651,8 @@ int string_base32_decode (const char *from, char *to) { const char *ptr_from; - int value, bits_left, count; + int bits_left, count; + unsigned int value; unsigned char c; if (!from || !to)