From e8bd88d1fcded01ccd066572eeaae1b507989cb3 Mon Sep 17 00:00:00 2001 From: RincewindsHat <12514511+RincewindsHat@users.noreply.github.com> Date: Tue, 31 Jan 2023 14:46:01 +0100 Subject: Sync with the latest Gnulib code 668c0b8ffa --- gl/base64.c | 126 ++++++++++++++++++++++++++++++++++++------------------------ 1 file changed, 75 insertions(+), 51 deletions(-) (limited to 'gl/base64.c') diff --git a/gl/base64.c b/gl/base64.c index 8da969c0..95b669aa 100644 --- a/gl/base64.c +++ b/gl/base64.c @@ -1,24 +1,24 @@ /* base64.c -- Encode binary data using printable characters. - Copyright (C) 1999-2001, 2004-2006, 2009-2013 Free Software Foundation, Inc. + Copyright (C) 1999-2001, 2004-2006, 2009-2023 Free Software Foundation, Inc. - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3, or (at your option) - any later version. + This file is free software: you can redistribute it and/or modify + it under the terms of the GNU Lesser General Public License as + published by the Free Software Foundation; either version 2.1 of the + License, or (at your option) any later version. - This program is distributed in the hope that it will be useful, + This file is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. + GNU Lesser General Public License for more details. - You should have received a copy of the GNU General Public License - along with this program; if not, see . */ + You should have received a copy of the GNU Lesser General Public License + along with this program. If not, see . */ /* Written by Simon Josefsson. Partially adapted from GNU MailUtils * (mailbox/filter_trans.c, as of 2004-11-28). Improved by review * from Paul Eggert, Bruno Haible, and Stepan Kasal. * - * See also RFC 4648 . + * See also RFC 4648 . * * Be careful with error checking. Here is how you would typically * use these functions: @@ -30,7 +30,7 @@ * FAIL: memory allocation error * OK: data in OUT/OUTLEN * - * size_t outlen = base64_encode_alloc (in, inlen, &out); + * idx_t outlen = base64_encode_alloc (in, inlen, &out); * if (out == NULL && outlen == 0 && inlen != 0) * FAIL: input too long * if (out == NULL) @@ -44,51 +44,84 @@ /* Get prototype. */ #include "base64.h" -/* Get malloc. */ -#include +/* Get imalloc. */ +#include + +#include /* Get UCHAR_MAX. */ #include #include -/* C89 compliant way to cast 'char' to 'unsigned char'. */ +/* Convert 'char' to 'unsigned char' without casting. */ static unsigned char to_uchar (char ch) { return ch; } +static const char b64c[64] = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; + +/* Base64 encode IN array of size INLEN into OUT array. OUT needs + to be of length >= BASE64_LENGTH(INLEN), and INLEN needs to be + a multiple of 3. */ +static void +base64_encode_fast (const char *restrict in, idx_t inlen, char *restrict out) +{ + while (inlen) + { + *out++ = b64c[(to_uchar (in[0]) >> 2) & 0x3f]; + *out++ = b64c[((to_uchar (in[0]) << 4) + (to_uchar (in[1]) >> 4)) & 0x3f]; + *out++ = b64c[((to_uchar (in[1]) << 2) + (to_uchar (in[2]) >> 6)) & 0x3f]; + *out++ = b64c[to_uchar (in[2]) & 0x3f]; + + inlen -= 3; + in += 3; + } +} + /* Base64 encode IN array of size INLEN into OUT array of size OUTLEN. If OUTLEN is less than BASE64_LENGTH(INLEN), write as many bytes as possible. If OUTLEN is larger than BASE64_LENGTH(INLEN), also zero terminate the output buffer. */ void -base64_encode (const char *restrict in, size_t inlen, - char *restrict out, size_t outlen) +base64_encode (const char *restrict in, idx_t inlen, + char *restrict out, idx_t outlen) { - static const char b64str[64] = - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; + /* Note this outlen constraint can be enforced at compile time. + I.E. that the output buffer is exactly large enough to hold + the encoded inlen bytes. The inlen constraints (of corresponding + to outlen, and being a multiple of 3) can change at runtime + at the end of input. However the common case when reading + large inputs is to have both constraints satisfied, so we depend + on both in base_encode_fast(). */ + if (outlen % 4 == 0 && inlen == (outlen >> 2) * 3) + { + base64_encode_fast (in, inlen, out); + return; + } while (inlen && outlen) { - *out++ = b64str[(to_uchar (in[0]) >> 2) & 0x3f]; + *out++ = b64c[(to_uchar (in[0]) >> 2) & 0x3f]; if (!--outlen) break; - *out++ = b64str[((to_uchar (in[0]) << 4) + *out++ = b64c[((to_uchar (in[0]) << 4) + (--inlen ? to_uchar (in[1]) >> 4 : 0)) & 0x3f]; if (!--outlen) break; *out++ = (inlen - ? b64str[((to_uchar (in[1]) << 2) + ? b64c[((to_uchar (in[1]) << 2) + (--inlen ? to_uchar (in[2]) >> 6 : 0)) & 0x3f] : '='); if (!--outlen) break; - *out++ = inlen ? b64str[to_uchar (in[2]) & 0x3f] : '='; + *out++ = inlen ? b64c[to_uchar (in[2]) & 0x3f] : '='; if (!--outlen) break; if (inlen) @@ -110,30 +143,21 @@ base64_encode (const char *restrict in, size_t inlen, memory allocation failed, OUT is set to NULL, and the return value indicates length of the requested memory block, i.e., BASE64_LENGTH(inlen) + 1. */ -size_t -base64_encode_alloc (const char *in, size_t inlen, char **out) +idx_t +base64_encode_alloc (const char *in, idx_t inlen, char **out) { - size_t outlen = 1 + BASE64_LENGTH (inlen); - /* Check for overflow in outlen computation. - * - * If there is no overflow, outlen >= inlen. - * - * If the operation (inlen + 2) overflows then it yields at most +1, so - * outlen is 0. - * - * If the multiplication overflows, we lose at least half of the - * correct value, so the result is < ((inlen + 2) / 3) * 2, which is - * less than (inlen + 2) * 0.66667, which is less than inlen as soon as - * (inlen > 4). - */ - if (inlen > outlen) + Treat negative INLEN as overflow, for better compatibility with + pre-2021-08-27 API, which used size_t. */ + idx_t in_over_3 = inlen / 3 + (inlen % 3 != 0), outlen; + if (! INT_MULTIPLY_OK (in_over_3, 4, &outlen) || inlen < 0) { *out = NULL; return 0; } + outlen++; - *out = malloc (outlen); + *out = imalloc (outlen); if (!*out) return outlen; @@ -317,7 +341,7 @@ base64_decode_ctx_init (struct base64_decode_context *ctx) static char * get_4 (struct base64_decode_context *ctx, char const *restrict *in, char const *restrict in_end, - size_t *n_non_newline) + idx_t *n_non_newline) { if (ctx->i == 4) ctx->i = 0; @@ -369,8 +393,8 @@ get_4 (struct base64_decode_context *ctx, *OUT to point to the byte after the last one written, and decrement *OUTLEN to reflect the number of bytes remaining in *OUT. */ static bool -decode_4 (char const *restrict in, size_t inlen, - char *restrict *outp, size_t *outleft) +decode_4 (char const *restrict in, idx_t inlen, + char *restrict *outp, idx_t *outleft) { char *out = *outp; if (inlen < 2) @@ -455,10 +479,10 @@ decode_4 (char const *restrict in, size_t inlen, bool base64_decode_ctx (struct base64_decode_context *ctx, - const char *restrict in, size_t inlen, - char *restrict out, size_t *outlen) + const char *restrict in, idx_t inlen, + char *restrict out, idx_t *outlen) { - size_t outleft = *outlen; + idx_t outleft = *outlen; bool ignore_newlines = ctx != NULL; bool flush_ctx = false; unsigned int ctx_i = 0; @@ -472,7 +496,7 @@ base64_decode_ctx (struct base64_decode_context *ctx, while (true) { - size_t outleft_save = outleft; + idx_t outleft_save = outleft; if (ctx_i == 0 && !flush_ctx) { while (true) @@ -546,17 +570,17 @@ base64_decode_ctx (struct base64_decode_context *ctx, undefined. */ bool base64_decode_alloc_ctx (struct base64_decode_context *ctx, - const char *in, size_t inlen, char **out, - size_t *outlen) + const char *in, idx_t inlen, char **out, + idx_t *outlen) { /* This may allocate a few bytes too many, depending on input, but it's not worth the extra CPU time to compute the exact size. The exact size is 3 * (inlen + (ctx ? ctx->i : 0)) / 4, minus 1 if the input ends with "=" and minus another 1 if the input ends with "==". - Dividing before multiplying avoids the possibility of overflow. */ - size_t needlen = 3 * (inlen / 4) + 3; + Shifting before multiplying avoids the possibility of overflow. */ + idx_t needlen = 3 * ((inlen >> 2) + 1); - *out = malloc (needlen); + *out = imalloc (needlen); if (!*out) return true; -- cgit v1.2.3-74-g34f1