author | bptato <60043228+bptato@users.noreply.github.com> | 2024-04-22 09:44:33 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-04-22 09:44:33 +0200 |
commit | 30cf570af997a0c705f7b3f194eea7337cb44185 (patch) | |
tree | 34e56e5b0a0cf7e844e2a2dd01ad9004dffcc46e | |
parent | 60af04635f44e655c7928da36fc9394e11367d18 (diff) | |
Fix std/base64.decode out of bounds read (#23526)
inputLen may end up as 0 in the loop if the input string only includes trailing characters. e.g. without the patch, decode(" ") would panic.
-rw-r--r-- | lib/pure/base64.nim | 2 | ||||
-rw-r--r-- | tests/stdlib/tbase64.nim | 2 |
2 files changed, 3 insertions, 1 deletions
diff --git a/lib/pure/base64.nim b/lib/pure/base64.nim
index 6af5345f2..591d22cc0 100644
--- a/lib/pure/base64.nim
+++ b/lib/pure/base64.nim
@@ -244,7 +244,7 @@ proc decode*(s: string): string =
 inputLen = s.len
 inputEnds = 0
 # strip trailing characters
- while s[inputLen - 1] in {'\n', '\r', ' ', '='}:
+ while inputLen > 0 and s[inputLen - 1] in {'\n', '\r', ' ', '='}:
 dec inputLen
 # hot loop: read 4 characters at at time
 inputEnds = inputLen - 4
diff --git a/tests/stdlib/tbase64.nim b/tests/stdlib/tbase64.nim
index 98388bb6c..c3bfb818e 100644
--- a/tests/stdlib/tbase64.nim
+++ b/tests/stdlib/tbase64.nim
@@ -18,6 +18,8 @@ template main() =
 doAssert encode("") == ""
 doAssert decode("") == ""
+ doAssert decode(" ") == ""
+
 const testInputExpandsTo76 = "+++++++++++++++++++++++++++++++++++++++++++++++++++++++++"
 const testInputExpands = "++++++++++++++++++++++++++++++"
 const longText = """Man is distinguished, not only by his reason, but by this |
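Review bot: The new `inputLen > 0` guard in the trailing-character loop of `decode` carries no comment saying why it is needed, so a later cleanup could drop it as redundant. I would add above the loop `# inputLen reaches 0 when s holds only padding/whitespace; stop before indexing s[-1]`. The commit message describes the old behaviour as a panic; in a build compiled with bounds checks off the same index would presumably become an unchecked read before the start of the string, which matters because base64 input frequently comes from untrusted sources. After the loop, `inputEnds = inputLen - 4` is negative for such input, and the loop that consumes it, like the rest of decode's body, lies outside this hunk, so confirm it is skipped in that case.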
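Review bot: The added assertion in `main` pins only a single space, while the loop being fixed strips four characters (`'\n'`, `'\r'`, `' '`, `'='`), and padding-only or newline-only input is at least as likely to arrive from a real caller. Consider pinning those as well, e.g. `doAssert decode("=") == ""` and `doAssert decode("\r\n") == ""`. The expected value assumes the rest of decode treats a remaining length of zero the same way it does for `" "`; that code is outside the hunk, as is the rest of the template body.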