26735862306

Committed 31 May 2026 11:43PM UTC coverage: 89.37%. Remained the same

Build # 26735862306

Build Type

push

github

Committed by

web-flow

Commit Message

Merge pull request #5631 from randombit/jack/overflow-checks

Systematically eliminate any possible integer overflows

Coverage Stats

110295 of 123414 relevant lines covered (89.37%)

11075877.11 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

91.55

/src/lib/codec/base64/base64.cpp

/*
* Base64 Encoding and Decoding
* (C) 2010,2015,2020 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include <botan/base64.h>

#include <botan/exceptn.h>
#include <botan/internal/charset.h>
#include <botan/internal/codec_base.h>
#include <botan/internal/fmt.h>
#include <botan/internal/int_utils.h>
#include <botan/internal/loadstor.h>
#include <botan/internal/rounding.h>

namespace Botan {

namespace {

class Base64 final {
   public:
      static std::string name() noexcept { return "base64"; }

      static constexpr size_t encoding_bytes_in() noexcept { return m_encoding_bytes_in; }

      static constexpr size_t encoding_bytes_out() noexcept { return m_encoding_bytes_out; }

      static constexpr size_t decoding_bytes_in() noexcept { return m_encoding_bytes_out; }

      static constexpr size_t decoding_bytes_out() noexcept { return m_encoding_bytes_in; }

      static constexpr size_t bits_consumed() noexcept { return m_encoding_bits; }

      static constexpr size_t remaining_bits_before_padding() noexcept { return m_remaining_bits_before_padding; }

      static constexpr size_t encode_max_output(size_t input_length) {
         const size_t encoding_blocks = round_up(input_length, m_encoding_bytes_in) / m_encoding_bytes_in;
         return mul_or_throw(encoding_blocks, m_encoding_bytes_out, "Input too large to base64 encode");
      }

      static constexpr size_t decode_max_output(size_t input_length) {
         // Divide before multiply to avoid overflow; round_up makes the division exact.
         return (round_up(input_length, m_encoding_bytes_out) / m_encoding_bytes_out) * m_encoding_bytes_in;
      }

      static void encode(char out[4], const uint8_t in[3]) noexcept;

      static uint8_t lookup_binary_value(char input) noexcept;

      static bool check_bad_char(uint8_t bin, char input, bool ignore_ws);

      static void decode(uint8_t* out_ptr, const uint8_t decode_buf[4]) {
         out_ptr[0] = (decode_buf[0] << 2) | (decode_buf[1] >> 4);
         out_ptr[1] = (decode_buf[1] << 4) | (decode_buf[2] >> 2);
         out_ptr[2] = (decode_buf[2] << 6) | decode_buf[3];
      }

      static size_t bytes_to_remove(size_t final_truncate) { return final_truncate; }

   private:
      static constexpr size_t m_encoding_bits = 6;
      static constexpr size_t m_remaining_bits_before_padding = 8;

      static constexpr size_t m_encoding_bytes_in = 3;
      static constexpr size_t m_encoding_bytes_out = 4;
};

uint32_t lookup_base64_chars(uint32_t x32) {
   /*
   * The basic insight of this approach is that our goal is computing
   * f(x) = y where x is in [0,63) and y is the correct base64 encoding.
   *
   * Instead of doing this directly, we compute
   * offset(x) such that f(x) = x + offset(x)
   *
   * This is described in
   * http://0x80.pl/notesen/2016-01-12-sse-base64-encoding.html#improved-version
   *
   * Here we do a SWAR (simd within a register) implementation of Wojciech's lookup_version2_swar
   */

   uint32_t r = x32 + 0x41414141;

   r += (~swar_lt<uint32_t>(x32, 0x1A1A1A1A)) & 0x06060606;
   r -= (~swar_lt<uint32_t>(x32, 0x34343434)) & 0x4B4B4B4B;
   r -= (~swar_lt<uint32_t>(x32, 0x3E3E3E3E)) & 0x0F0F0F0F;
   r += (~swar_lt<uint32_t>(x32, 0x3F3F3F3F)) & 0x03030303;

   return r;
}

//static
void Base64::encode(char out[4], const uint8_t in[3]) noexcept {
   const uint32_t b0 = (in[0] & 0xFC) >> 2;
   const uint32_t b1 = ((in[0] & 0x03) << 4) | (in[1] >> 4);
   const uint32_t b2 = ((in[1] & 0x0F) << 2) | (in[2] >> 6);
   const uint32_t b3 = in[2] & 0x3F;

   const uint32_t z = (b0 << 24) | (b1 << 16) | (b2 << 8) | b3;

   const uint32_t b64 = lookup_base64_chars(z);

   out[0] = static_cast<char>(get_byte<0>(b64));
   out[1] = static_cast<char>(get_byte<1>(b64));
   out[2] = static_cast<char>(get_byte<2>(b64));
   out[3] = static_cast<char>(get_byte<3>(b64));
}

//static
uint8_t Base64::lookup_binary_value(char input) noexcept {
   auto has_zero_byte = [](uint64_t v) { return ((v - 0x0101010101010101) & ~(v) & 0x8080808080808080); };

   // Assumes each byte is either 0x00 or 0x80
   auto index_of_first_set_byte = [](uint64_t v) {
      return ((((v - 1) & 0x0101010101010101) * 0x0101010101010101) >> 56) - 1;
   };

   constexpr uint64_t lo = 0x0101010101010101;

   const uint8_t x = static_cast<uint8_t>(input);

   const uint64_t x8 = x * lo;

   // Defines the valid ASCII ranges of base64, except the special chars (below)
   constexpr uint64_t val_l = make_uint64(0, 0, 0, 0, 0, 'A', 'a', '0');
   constexpr uint64_t val_u = make_uint64(0, 0, 0, 0, 0, 26, 26, 10);

   // If x is in one of the ranges return a mask. Otherwise we xor in at the
   // high word which will be our invalid marker
   auto v_mask = swar_in_range<uint64_t>(x8, val_l, val_u) ^ 0x80000000;

   // This is the offset added to x to get the value
   const uint64_t val_v = 0xbfb904 ^ (0xFF000000 - (x << 24));

   const uint8_t z = x + static_cast<uint8_t>(val_v >> (8 * index_of_first_set_byte(v_mask)));

   // Valid base64 special characters, and some whitespace chars
   constexpr uint64_t specials_i = make_uint64(0, '+', '/', '=', ' ', '\n', '\t', '\r');

   const uint64_t specials_v = 0x3e3f8180808080 ^ (static_cast<uint64_t>(z) << 56);

   const uint64_t smask = has_zero_byte(x8 ^ specials_i) ^ 0x8000000000000000;

   return static_cast<uint8_t>(specials_v >> (8 * index_of_first_set_byte(smask)));
}

//static
bool Base64::check_bad_char(uint8_t bin, char input, bool ignore_ws) {
   if(bin <= 0x3F) {
      return true;
   } else if(!(bin == 0x81 || (bin == 0x80 && ignore_ws))) {
      throw Invalid_Argument(fmt("base64_decode: invalid character '{}'", format_char_for_display(input)));
   }
   return false;
}

}  // namespace

size_t base64_encode(char out[], const uint8_t in[], size_t input_length, size_t& input_consumed, bool final_inputs) {
   return base_encode(Base64(), out, in, input_length, input_consumed, final_inputs);
}

std::string base64_encode(const uint8_t input[], size_t input_length) {
   return base_encode_to_string(Base64(), input, input_length);
}

size_t base64_decode(
   uint8_t out[], const char in[], size_t input_length, size_t& input_consumed, bool final_inputs, bool ignore_ws) {
   return base_decode(Base64(), out, in, input_length, input_consumed, final_inputs, ignore_ws);
}

size_t base64_decode(uint8_t output[], const char input[], size_t input_length, bool ignore_ws) {
   return base_decode_full(Base64(), output, input, input_length, ignore_ws);
}

size_t base64_decode(uint8_t output[], std::string_view input, bool ignore_ws) {
   return base64_decode(output, input.data(), input.length(), ignore_ws);
}

size_t base64_decode(std::span<uint8_t> output, std::string_view input, bool ignore_ws) {
   if(output.size() < base64_decode_max_output(input.size())) {
      throw Invalid_Argument("base64_decode: output buffer is too short");
   }
   return base64_decode(output.data(), input.data(), input.length(), ignore_ws);
}

secure_vector<uint8_t> base64_decode(const char input[], size_t input_length, bool ignore_ws) {
   return base_decode_to_vec<secure_vector<uint8_t>>(Base64(), input, input_length, ignore_ws);
}

secure_vector<uint8_t> base64_decode(std::string_view input, bool ignore_ws) {
   return base64_decode(input.data(), input.size(), ignore_ws);
}

size_t base64_encode_max_output(size_t input_length) {
   return Base64::encode_max_output(input_length);
}

size_t base64_decode_max_output(size_t input_length) {
   return Base64::decode_max_output(input_length);
}

}  // namespace Botan

1	/*
2	* Base64 Encoding and Decoding
3	* (C) 2010,2015,2020 Jack Lloyd
4	*
5	* Botan is released under the Simplified BSD License (see license.txt)
6	*/
7
8	#include <botan/base64.h>
9
10	#include <botan/exceptn.h>
11	#include <botan/internal/charset.h>
12	#include <botan/internal/codec_base.h>
13	#include <botan/internal/fmt.h>
14	#include <botan/internal/int_utils.h>
15	#include <botan/internal/loadstor.h>
16	#include <botan/internal/rounding.h>
17
18	namespace Botan {
19
20	namespace {
21
22	class Base64 final {
23	public:
24	static std::string name() noexcept { return "base64"; }	14✔
25
26	static constexpr size_t encoding_bytes_in() noexcept { return m_encoding_bytes_in; }
27
28	static constexpr size_t encoding_bytes_out() noexcept { return m_encoding_bytes_out; }
29
30	static constexpr size_t decoding_bytes_in() noexcept { return m_encoding_bytes_out; }
31
32	static constexpr size_t decoding_bytes_out() noexcept { return m_encoding_bytes_in; }
33
34	static constexpr size_t bits_consumed() noexcept { return m_encoding_bits; }
35
36	static constexpr size_t remaining_bits_before_padding() noexcept { return m_remaining_bits_before_padding; }
37
38	static constexpr size_t encode_max_output(size_t input_length) {	2,472✔
39	const size_t encoding_blocks = round_up(input_length, m_encoding_bytes_in) / m_encoding_bytes_in;	2,472✔
40	return mul_or_throw(encoding_blocks, m_encoding_bytes_out, "Input too large to base64 encode");	2,472✔
41	}
42
43	static constexpr size_t decode_max_output(size_t input_length) {	35,798✔
44	// Divide before multiply to avoid overflow; round_up makes the division exact.
45	return (round_up(input_length, m_encoding_bytes_out) / m_encoding_bytes_out) * m_encoding_bytes_in;	35,779✔
46	}
47
48	static void encode(char out[4], const uint8_t in[3]) noexcept;
49
50	static uint8_t lookup_binary_value(char input) noexcept;
51
52	static bool check_bad_char(uint8_t bin, char input, bool ignore_ws);
53
54	static void decode(uint8_t* out_ptr, const uint8_t decode_buf[4]) {	5,586,523✔
55	out_ptr[0] = (decode_buf[0] << 2) \| (decode_buf[1] >> 4);	5,586,523✔
56	out_ptr[1] = (decode_buf[1] << 4) \| (decode_buf[2] >> 2);	5,586,523✔
57	out_ptr[2] = (decode_buf[2] << 6) \| decode_buf[3];	5,586,523✔
58	}
59
60	static size_t bytes_to_remove(size_t final_truncate) { return final_truncate; }
61
62	private:
63	static constexpr size_t m_encoding_bits = 6;
64	static constexpr size_t m_remaining_bits_before_padding = 8;
65
66	static constexpr size_t m_encoding_bytes_in = 3;
67	static constexpr size_t m_encoding_bytes_out = 4;
68	};
69
70	uint32_t lookup_base64_chars(uint32_t x32) {	2,167,081✔
71	/*
72	* The basic insight of this approach is that our goal is computing
73	* f(x) = y where x is in [0,63) and y is the correct base64 encoding.
74	*
75	* Instead of doing this directly, we compute
76	* offset(x) such that f(x) = x + offset(x)
77	*
78	* This is described in
79	* http://0x80.pl/notesen/2016-01-12-sse-base64-encoding.html#improved-version
80	*
81	* Here we do a SWAR (simd within a register) implementation of Wojciech's lookup_version2_swar
82	*/
83
84	uint32_t r = x32 + 0x41414141;	2,167,081✔
85
86	r += (~swar_lt<uint32_t>(x32, 0x1A1A1A1A)) & 0x06060606;	2,167,081✔
87	r -= (~swar_lt<uint32_t>(x32, 0x34343434)) & 0x4B4B4B4B;	2,167,081✔
88	r -= (~swar_lt<uint32_t>(x32, 0x3E3E3E3E)) & 0x0F0F0F0F;	2,167,081✔
89	r += (~swar_lt<uint32_t>(x32, 0x3F3F3F3F)) & 0x03030303;	2,167,081✔
90
91	return r;	2,167,081✔
92	}
93
94	//static
95	void Base64::encode(char out[4], const uint8_t in[3]) noexcept {	2,167,081✔
96	const uint32_t b0 = (in[0] & 0xFC) >> 2;	2,167,081✔
97	const uint32_t b1 = ((in[0] & 0x03) << 4) \| (in[1] >> 4);	2,167,081✔
98	const uint32_t b2 = ((in[1] & 0x0F) << 2) \| (in[2] >> 6);	2,167,081✔
99	const uint32_t b3 = in[2] & 0x3F;	2,167,081✔
100
101	const uint32_t z = (b0 << 24) \| (b1 << 16) \| (b2 << 8) \| b3;	2,167,081✔
102
103	const uint32_t b64 = lookup_base64_chars(z);	2,167,081✔
104
105	out[0] = static_cast<char>(get_byte<0>(b64));	2,167,081✔
106	out[1] = static_cast<char>(get_byte<1>(b64));	2,167,081✔
107	out[2] = static_cast<char>(get_byte<2>(b64));	2,167,081✔
108	out[3] = static_cast<char>(get_byte<3>(b64));	2,167,081✔
109	}	2,167,081✔
110
111	//static
112	uint8_t Base64::lookup_binary_value(char input) noexcept {	22,713,980✔
113	auto has_zero_byte = [](uint64_t v) { return ((v - 0x0101010101010101) & ~(v) & 0x8080808080808080); };	22,713,980✔
114
115	// Assumes each byte is either 0x00 or 0x80
116	auto index_of_first_set_byte = [](uint64_t v) {	22,713,980✔
117	return ((((v - 1) & 0x0101010101010101) * 0x0101010101010101) >> 56) - 1;	22,713,980✔
118	};
119
120	constexpr uint64_t lo = 0x0101010101010101;	22,713,980✔
121
122	const uint8_t x = static_cast<uint8_t>(input);	22,713,980✔
123
124	const uint64_t x8 = x * lo;	22,713,980✔
125
126	// Defines the valid ASCII ranges of base64, except the special chars (below)
127	constexpr uint64_t val_l = make_uint64(0, 0, 0, 0, 0, 'A', 'a', '0');	22,713,980✔
128	constexpr uint64_t val_u = make_uint64(0, 0, 0, 0, 0, 26, 26, 10);	22,713,980✔
129
130	// If x is in one of the ranges return a mask. Otherwise we xor in at the
131	// high word which will be our invalid marker
132	auto v_mask = swar_in_range<uint64_t>(x8, val_l, val_u) ^ 0x80000000;	22,713,980✔
133
134	// This is the offset added to x to get the value
135	const uint64_t val_v = 0xbfb904 ^ (0xFF000000 - (x << 24));	22,713,980✔
136
137	const uint8_t z = x + static_cast<uint8_t>(val_v >> (8 * index_of_first_set_byte(v_mask)));	22,713,980✔
138
139	// Valid base64 special characters, and some whitespace chars
140	constexpr uint64_t specials_i = make_uint64(0, '+', '/', '=', ' ', '\n', '\t', '\r');	22,713,980✔
141
142	const uint64_t specials_v = 0x3e3f8180808080 ^ (static_cast<uint64_t>(z) << 56);	22,713,980✔
143
144	const uint64_t smask = has_zero_byte(x8 ^ specials_i) ^ 0x8000000000000000;	22,713,980✔
145
146	return static_cast<uint8_t>(specials_v >> (8 * index_of_first_set_byte(smask)));	22,713,980✔
147	}
148
149	//static
150	bool Base64::check_bad_char(uint8_t bin, char input, bool ignore_ws) {	22,708,301✔
151	if(bin <= 0x3F) {	22,708,301✔
152	return true;
153	} else if(!(bin == 0x81 \|\| (bin == 0x80 && ignore_ws))) {	379,239✔
154	throw Invalid_Argument(fmt("base64_decode: invalid character '{}'", format_char_for_display(input)));	76✔
155	}
156	return false;
157	}
158
159	} // namespace
160
161	size_t base64_encode(char out[], const uint8_t in[], size_t input_length, size_t& input_consumed, bool final_inputs) {	8✔
162	return base_encode(Base64(), out, in, input_length, input_consumed, final_inputs);	8✔
163	}
164
165	std::string base64_encode(const uint8_t input[], size_t input_length) {	2,472✔
166	return base_encode_to_string(Base64(), input, input_length);	2,472✔
167	}
168
169	size_t base64_decode(	2✔
170	uint8_t out[], const char in[], size_t input_length, size_t& input_consumed, bool final_inputs, bool ignore_ws) {
171	return base_decode(Base64(), out, in, input_length, input_consumed, final_inputs, ignore_ws);	2✔
172	}
173
174	size_t base64_decode(uint8_t output[], const char input[], size_t input_length, bool ignore_ws) {	17✔
175	return base_decode_full(Base64(), output, input, input_length, ignore_ws);	17✔
176	}
177
178	size_t base64_decode(uint8_t output[], std::string_view input, bool ignore_ws) {	17✔
179	return base64_decode(output, input.data(), input.length(), ignore_ws);	17✔
180	}
181
182	size_t base64_decode(std::span<uint8_t> output, std::string_view input, bool ignore_ws) {	×
183	if(output.size() < base64_decode_max_output(input.size())) {	×
184	throw Invalid_Argument("base64_decode: output buffer is too short");	×
185	}
186	return base64_decode(output.data(), input.data(), input.length(), ignore_ws);	×
187	}
188
189	secure_vector<uint8_t> base64_decode(const char input[], size_t input_length, bool ignore_ws) {	17,880✔
190	return base_decode_to_vec<secure_vector<uint8_t>>(Base64(), input, input_length, ignore_ws);	17,880✔
191	}
192
193	secure_vector<uint8_t> base64_decode(std::string_view input, bool ignore_ws) {	881✔
194	return base64_decode(input.data(), input.size(), ignore_ws);	881✔
195	}
196
197	size_t base64_encode_max_output(size_t input_length) {	×
198	return Base64::encode_max_output(input_length);	×
199	}
200
201	size_t base64_decode_max_output(size_t input_length) {	19✔
202	return Base64::decode_max_output(input_length);	19✔
203	}
204
205	} // namespace Botan

randombit / botan / 26735862306

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous