
A new proposed fix is being discussed in https://github.com/haskell/base64-bytestring/pull/46. Expect a fix merged and new release sometime in the next few days. Big thanks to all involved in pinpointing and resolving this issue. Cheers, Fraser On Mon, Aug 02, 2021 at 11:52:52PM +0200, Hécate wrote:
Hi Fraser, do you have further information about this situation?
Le 25/07/2021 à 07:50, Fraser Tweedale a écrit :
Hello,
I want to bring to wider attention a memory bug present in base64-bytestring[1]. In summary, in some cases too few bytes are allocated for the output when performing base64url decoding. This can lead to memory corruption (which I have observed[2]), and possibly crashes (which I have not observed).
I submitted a pull request[2] that fixes the issue some days ago, but did not receive a response from the maintainers yet. I understand that maintainers may be busy or unavailable, and that is fine. So I am posting here mainly to ensure that USERS are aware of the issue.
To maintainers: let me know if I can provider further assistance to resolve this issue and release a fix.
[1] https://github.com/haskell/base64-bytestring/issues/44 [2] https://github.com/frasertweedale/hs-jose/issues/102 [3] https://github.com/haskell/base64-bytestring/pull/45
Thanks, Fraser _______________________________________________ Haskell-Cafe mailing list To (un)subscribe, modify options or view archives go to: http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe Only members subscribed via the mailman list are allowed to post.
-- Hécate ✨ 🐦: @TechnoEmpress IRC: Hecate WWW: https://glitchbra.in RUN: BSD
_______________________________________________ Haskell-Cafe mailing list To (un)subscribe, modify options or view archives go to: http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe Only members subscribed via the mailman list are allowed to post.