aws_base64_compute_encoded_len() is now exact, doesn't add 1 extra for null-terminator #1188
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ating sometimes. Also much simpler. - aws_base64_compute_decoded_len() math can't overflow anymore
…t answer too, instead of sometimes overestimating
…of it back, but document the math tricks that confused me
graebm
changed the title
TingDaoK
approved these changes
Feb 14, 2025
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #1188 +/- ##
=======================================
Coverage 84.21% 84.21%
=======================================
Files 57 57
Lines 5979 5973 -6
=======================================
- Hits 5035 5030 -5
+ Misses 944 943 -1 ☔ View full report in Codecov by Sentry. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue:
One of the core principles of aws_byte_buf and aws_byte_cursor, is you DO NOT assume there's a null-terminator, because null-terminators, and the resulting confusion between string "length" and "size" have led to so many bugs in the long history of C.
But
aws_base64_encode()tried to be "nice" and add a secret null-terminator after.len, but before.capacity. To achieve this,aws_base64_compute_encoded_len()would say it needed 1 more byte than necessary. This caused trouble, catching Dmitriy off guard the other day. Searching for uses, I see aws-crt-cpp also once had a bug due to this (fixed in this PR)In changing this, I found that
aws_hex_encode()did similar, but even worse. It always added a null-terminator, and included the null-terminator in the.len! Bad! Fortunately, this function was never used except in generating random data for tests. When Bret needed a function like this in 2019 for signing, he avoided this function entirely and built his own alternate version that doesn't add a null-terminator (it has other differences too).Description of changes:
aws_hex_encode()doesn't add null-terminator anymoreaws_hex_compute_encoded_len()updated to account for thisaws_base64_encode()doesn't add null-terminator anymoreaws_base64_compute_encoded_len()updated to account for thisaws_base64_compute_decoded_len()math adjusted so that overflow is impossibleBy submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.