[Haskell-cafe] base64-bytestring memory corruption bug
Fraser Tweedale
frase at frase.id.au
Sun Jul 25 05:50:03 UTC 2021
Hello,
I want to bring to wider attention a memory bug present in
base64-bytestring[1]. In summary, in some cases too few bytes are
allocated for the output when performing base64url decoding. This
can lead to memory corruption (which I have observed[2]), and
possibly crashes (which I have not observed).
I submitted a pull request[2] that fixes the issue some days ago,
but did not receive a response from the maintainers yet. I
understand that maintainers may be busy or unavailable, and that is
fine. So I am posting here mainly to ensure that USERS are aware of
the issue.
To maintainers: let me know if I can provider further assistance to
resolve this issue and release a fix.
[1] https://github.com/haskell/base64-bytestring/issues/44
[2] https://github.com/frasertweedale/hs-jose/issues/102
[3] https://github.com/haskell/base64-bytestring/pull/45
Thanks,
Fraser
More information about the Haskell-Cafe
mailing list