[Haskell-cafe] base64-bytestring memory corruption bug

Hécate hecate at glitchbra.in
Tue Aug 3 20:44:27 UTC 2021 

Wonderful, happy to know it's been resolved!

Le 03/08/2021 à 05:40, Fraser Tweedale a écrit :
> A new proposed fix is being discussed in
> https://github.com/haskell/base64-bytestring/pull/46.
>
> Expect a fix merged and new release sometime in the next few days.
>
> Big thanks to all involved in pinpointing and resolving this issue.
>
> Cheers,
> Fraser
>
> On Mon, Aug 02, 2021 at 11:52:52PM +0200, Hécate wrote:
>> Hi Fraser, do you have further information about this situation?
>>
>> Le 25/07/2021 à 07:50, Fraser Tweedale a écrit :
>>> Hello,
>>>
>>> I want to bring to wider attention a memory bug present in
>>> base64-bytestring[1].  In summary, in some cases too few bytes are
>>> allocated for the output when performing base64url decoding.  This
>>> can lead to memory corruption (which I have observed[2]), and
>>> possibly crashes (which I have not observed).
>>>
>>> I submitted a pull request[2] that fixes the issue some days ago,
>>> but did not receive a response from the maintainers yet.  I
>>> understand that maintainers may be busy or unavailable, and that is
>>> fine.  So I am posting here mainly to ensure that USERS are aware of
>>> the issue.
>>>
>>> To maintainers: let me know if I can provider further assistance to
>>> resolve this issue and release a fix.
>>>
>>> [1] https://github.com/haskell/base64-bytestring/issues/44
>>> [2] https://github.com/frasertweedale/hs-jose/issues/102
>>> [3] https://github.com/haskell/base64-bytestring/pull/45
>>>
>>> Thanks,
>>> Fraser
>>> _______________________________________________
>>> Haskell-Cafe mailing list
>>> To (un)subscribe, modify options or view archives go to:
>>> http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
>>> Only members subscribed via the mailman list are allowed to post.
>> -- 
>> Hécate ✨
>> 🐦: @TechnoEmpress
>> IRC: Hecate
>> WWW: https://glitchbra.in
>> RUN: BSD
>>
>> _______________________________________________
>> Haskell-Cafe mailing list
>> To (un)subscribe, modify options or view archives go to:
>> http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
>> Only members subscribed via the mailman list are allowed to post.

-- 
Hécate ✨
🐦: @TechnoEmpress
IRC: Hecate
WWW: https://glitchbra.in
RUN: BSD

More information about the Haskell-Cafe mailing list