[webkit-dev] Fix for WebCore's base64Decode...
David Kilzer
ddkilzer at webkit.org
Fri Dec 12 04:42:48 PST 2008
Hi Paul,
Please file a bug on <https://bugs.webkit.org/> and attach a patch for review. It sounds like it *may* be possible to use the local copy of the Acid 3 test as a test case for the fix (for ports using libcurl or libsoup).
Thanks!
Dave
________________________________
From: Paul Pedriana <ppedriana at gmail.com>
To: WebKit-Dev <webkit-dev at lists.webkit.org>
Sent: Friday, December 12, 2008 12:03:04 AM
Subject: [webkit-dev] Fix for WebCore's base64Decode...
I see this in curl and soup code:
// Use the GLib Base64 if available, since WebCore's decoder isn't
// general-purpose and fails on Acid3 test 97 (whitespace).
In WebCore's base64Decode, I see this:
for (unsigned idx = 0; idx < len; idx++) {
unsigned char ch = data[idx];
if ((ch > 47 && ch < 58) || (ch > 64 && ch < 91) || (ch > 96 && ch < 123) || ch == '+' || ch == '/' || ch == '=')
out[idx] = base64DecMap[ch];
else
return false; <--- it shouldn't be doing this
}
RFC 2045 states:
All line breaks or other characters not found in Table 1 must
be ignored by decoding software.
Thus can't WebCore's base64Decode be fixed simply like so, which works as expected in my tests:
bool base64Decode(const char* data, unsigned len, Vector<char>& out)
{
out.clear();
if (len == 0)
return true;
while (len && data[len-1] == '=')
--len;
out.grow(len);
unsigned outSize = 0;
for (unsigned idx = 0; idx < len; idx++) {
unsigned char ch = data[idx];
if ((ch > 47 && ch < 58) || (ch > 64 && ch < 91) || (ch > 96 && ch < 123) || ch == '+' || ch == '/' || ch == '=') {
out[outSize] = base64DecMap[ch];
outSize++;
}
}
out.resize(static_cast<size_t>(outSize));
// 4-byte to 3-byte conversion
unsigned outLen = outSize - ((outSize + 3) / 4);
if (!outLen || ((outLen + 2) / 3) * 4 < outSize)
return false;
unsigned sidx = 0;
unsigned didx = 0;
if (outLen > 1) {
while (didx < outLen - 2) {
out[didx] = (((out[sidx] << 2) & 255) | ((out[sidx + 1] >> 4) & 003));
out[didx + 1] = (((out[sidx + 1] << 4) & 255) | ((out[sidx + 2] >> 2) & 017));
out[didx + 2] = (((out[sidx + 2] << 6) & 255) | (out[sidx + 3] & 077));
sidx += 4;
didx += 3;
}
}
if (didx < outLen)
out[didx] = (((out[sidx] << 2) & 255) | ((out[sidx + 1] >> 4) & 003));
if (++didx < outLen)
out[didx] = (((out[sidx + 1] << 4) & 255) | ((out[sidx + 2] >> 2) & 017));
if (outLen < out.size())
out.shrink(outLen);
return true;
}
Is this all there is to the bug or is there more that I'm not aware of?
Thanks.
Paul
_______________________________________________
webkit-dev mailing list
webkit-dev at lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-dev/attachments/20081212/16dd555e/attachment.html>
More information about the webkit-dev
mailing list