[Haskell-cafe] base64-bytestring memory corruption bug

Fraser Tweedale frase at frase.id.au
Sun Jul 25 05:50:03 UTC 2021


I want to bring to wider attention a memory bug present in
base64-bytestring[1].  In summary, in some cases too few bytes are
allocated for the output when performing base64url decoding.  This
can lead to memory corruption (which I have observed[2]), and
possibly crashes (which I have not observed).

I submitted a pull request[2] that fixes the issue some days ago,
but did not receive a response from the maintainers yet.  I
understand that maintainers may be busy or unavailable, and that is
fine.  So I am posting here mainly to ensure that USERS are aware of
the issue.

To maintainers: let me know if I can provider further assistance to
resolve this issue and release a fix.

[1] https://github.com/haskell/base64-bytestring/issues/44
[2] https://github.com/frasertweedale/hs-jose/issues/102
[3] https://github.com/haskell/base64-bytestring/pull/45


More information about the Haskell-Cafe mailing list