[Haskell-cafe] base64-bytestring memory corruption bug

Fraser Tweedale frase at frase.id.au
Tue Aug 3 03:40:26 UTC 2021


A new proposed fix is being discussed in
https://github.com/haskell/base64-bytestring/pull/46.

Expect a fix merged and new release sometime in the next few days.

Big thanks to all involved in pinpointing and resolving this issue.

Cheers,
Fraser

On Mon, Aug 02, 2021 at 11:52:52PM +0200, Hécate wrote:
> Hi Fraser, do you have further information about this situation?
> 
> On 25/07/2021 at 07:50, Fraser Tweedale wrote:
> > Hello,
> >
> > I want to bring to wider attention a memory bug present in
> > base64-bytestring[1].  In summary, in some cases too few bytes are
> > allocated for the output when performing base64url decoding.  This
> > can lead to memory corruption (which I have observed[2]), and
> > possibly crashes (which I have not observed).
> >
> > I submitted a pull request[2] that fixes the issue some days ago,
> > but did not receive a response from the maintainers yet.  I
> > understand that maintainers may be busy or unavailable, and that is
> > fine.  So I am posting here mainly to ensure that USERS are aware of
> > the issue.
> >
> > To maintainers: let me know if I can provide further assistance to
> > resolve this issue and release a fix.
> >
> > [1] https://github.com/haskell/base64-bytestring/issues/44
> > [2] https://github.com/frasertweedale/hs-jose/issues/102
> > [3] https://github.com/haskell/base64-bytestring/pull/45
> >
> > Thanks,
> > Fraser
> > _______________________________________________
> > Haskell-Cafe mailing list
> > To (un)subscribe, modify options or view archives go to:
> > http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
> > Only members subscribed via the mailman list are allowed to post.
> 
> -- 
> Hécate ✨
> 🐦: @TechnoEmpress
> IRC: Hecate
> WWW: https://glitchbra.in
> RUN: BSD
> 

