Commons Codec
  1. Commons Codec
  2. CODEC-68

isBase64 throws ArrayIndexOutOfBoundsException on some non-BASE64 bytes

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Duplicate
    • Affects Version/s: 1.3
    • Fix Version/s: 1.4
    • Labels:
      None

      Description

      the following code throws an ArrayIndexOutOfBoundsException although it is perfectly valid (the byte 0x9c should be ignored according to the standard):

      byte[x] = new byte[] { 'n', 'A', '=', '=', 0x9c };
      Base64.decodeBase64(x);
      

      The problem is the following method:

          private static boolean isBase64(byte octect) {
              if (octect == PAD) {
                  return true;
              } else if (base64Alphabet[octect] == -1) {
                  return false;
              } else {
                  return true;
              }
          }
      

      in Java octect is a signed value, so it is not correct to use it as an offset for an array [0..254] which base64Alphabet is. 0x9c is -100!

      FIX:
      use base64Alphabet[ 0xff & octect ] in the "else if" block to convert the octet prior using it as an offset for the lookup table

        Activity

        Robert Rodewald created issue -
        Robert Rodewald made changes -
        Field Original Value New Value
        Description the following code throws an ArrayIndexOutOfBoundsException although it is perfectly valid (the byte 0x9c should be ignored according to the standard):

        byte[x] = new byte[] { 'n', 'A', '=', '=', 0x9c };
        Base64.decodeBase64(x);

        The problem is the following method:

            private static boolean isBase64(byte octect) {
                if (octect == PAD) {
                    return true;
                } else if (base64Alphabet[octect] == -1) {
                    return false;
                } else {
                    return true;
                }
            }

        in Java octect is a *signed* value, so it is not correct to use it as an offset for an array [0..254] which base64Alphabet is. 0x9c is -100!

        FIX:
        use base64Alphabet[ 0xff & octect ] in the "else if" block to convert the octet prior using it as an offset for the lookup table
        the following code throws an ArrayIndexOutOfBoundsException although it is perfectly valid (the byte 0x9c should be ignored according to the standard):

        <code>
        byte[x] = new byte[] { 'n', 'A', '=', '=', 0x9c };
        Base64.decodeBase64(x);
        </code>

        The problem is the following method:

            private static boolean isBase64(byte octect) {
                if (octect == PAD) {
                    return true;
                } else if (base64Alphabet[octect] == -1) {
                    return false;
                } else {
                    return true;
                }
            }

        in Java octect is a *signed* value, so it is not correct to use it as an offset for an array [0..254] which base64Alphabet is. 0x9c is -100!

        FIX:
        use base64Alphabet[ 0xff & octect ] in the "else if" block to convert the octet prior using it as an offset for the lookup table
        Robert Rodewald made changes -
        Description the following code throws an ArrayIndexOutOfBoundsException although it is perfectly valid (the byte 0x9c should be ignored according to the standard):

        <code>
        byte[x] = new byte[] { 'n', 'A', '=', '=', 0x9c };
        Base64.decodeBase64(x);
        </code>

        The problem is the following method:

            private static boolean isBase64(byte octect) {
                if (octect == PAD) {
                    return true;
                } else if (base64Alphabet[octect] == -1) {
                    return false;
                } else {
                    return true;
                }
            }

        in Java octect is a *signed* value, so it is not correct to use it as an offset for an array [0..254] which base64Alphabet is. 0x9c is -100!

        FIX:
        use base64Alphabet[ 0xff & octect ] in the "else if" block to convert the octet prior using it as an offset for the lookup table
        the following code throws an ArrayIndexOutOfBoundsException although it is perfectly valid (the byte 0x9c should be ignored according to the standard):

        {code}
        byte[x] = new byte[] { 'n', 'A', '=', '=', 0x9c };
        Base64.decodeBase64(x);
        {code}

        The problem is the following method:

        {code}
            private static boolean isBase64(byte octect) {
                if (octect == PAD) {
                    return true;
                } else if (base64Alphabet[octect] == -1) {
                    return false;
                } else {
                    return true;
                }
            }
        {code}

        in Java octect is a *signed* value, so it is not correct to use it as an offset for an array [0..254] which base64Alphabet is. 0x9c is -100!

        FIX:
        use base64Alphabet[ 0xff & octect ] in the "else if" block to convert the octet prior using it as an offset for the lookup table
        Henri Yandell made changes -
        Fix Version/s 1.4 [ 12311779 ]
        Henri Yandell made changes -
        Resolution Duplicate [ 3 ]
        Status Open [ 1 ] Closed [ 6 ]
        Mark Thomas made changes -
        Workflow jira [ 12430084 ] Default workflow, editable Closed status [ 12601629 ]

          People

          • Assignee:
            Unassigned
            Reporter:
            Robert Rodewald
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Time Tracking

              Estimated:
              Original Estimate - 0.25h
              0.25h
              Remaining:
              Remaining Estimate - 0.25h
              0.25h
              Logged:
              Time Spent - Not Specified
              Not Specified

                Development