From 07cb0b62a5fab216ed647f5a87e0f17ab3c9a615 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Niels=20M=C3=B6ller?= <nisse@lysator.liu.se>
Date: Fri, 7 Feb 2014 09:11:20 +0100
Subject: [PATCH] Base64 and base16 decoding: Use *dst_length as output only.

---
 ChangeLog       | 6 ++++++
 base16-decode.c | 2 --
 base16.h        | 8 ++------
 base64-decode.c | 2 --
 base64.h        | 9 ++-------
 5 files changed, 10 insertions(+), 17 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 7f86a2d3..1ae5c90b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2014-02-07  Niels Möller  <nisse@lysator.liu.se>
+
+	* base64-decode.c (base64_decode_update): Use *dst_length for
+	output only. Don't require callers to pass a sane value.
+	* base16-decode.c (base16_decode_update): Likewise.
+
 2014-02-06  Niels Möller  <nisse@lysator.liu.se>
 
 	* NEWS: List _set_key incompatibilities.
diff --git a/base16-decode.c b/base16-decode.c
index 4dc8abd4..4e4a517c 100644
--- a/base16-decode.c
+++ b/base16-decode.c
@@ -101,8 +101,6 @@ base16_decode_update(struct base16_decode_ctx *ctx,
   size_t done;
   size_t i;
 
-  assert(*dst_length >= BASE16_DECODE_LENGTH(src_length));
-  
   for (i = done = 0; i<src_length; i++)
     switch(base16_decode_single(ctx, dst + done, src[i]))
       {
diff --git a/base16.h b/base16.h
index 56422930..510e9f6a 100644
--- a/base16.h
+++ b/base16.h
@@ -81,13 +81,9 @@ base16_decode_single(struct base16_decode_ctx *ctx,
 		     uint8_t src);
 
 /* Returns 1 on success, 0 on error. DST should point to an area of
- * size at least BASE16_DECODE_LENGTH(length), and for sanity
- * checking, *DST_LENGTH should be initialized to the size of that
- * area before the call. *DST_LENGTH is updated to the amount of
- * decoded output. */
+ * size at least BASE16_DECODE_LENGTH(length). The amount of data
+ * generated is returned in *DST_LENGTH. */
 
-/* Currently results in an assertion failure if *DST_LENGTH is
- * too small. FIXME: Return some error instead? */
 int
 base16_decode_update(struct base16_decode_ctx *ctx,
 		     size_t *dst_length,
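Review bot: The rewritten comment above base16_decode_update leaves the buffer contract underspecified now that the function no longer checks it. `length` does not name a parameter (base16-decode.c uses `src_length`; the prototype's parameter list continues outside the hunk), and nothing says that the value of *DST_LENGTH on entry is ignored. With the assert gone from base16-decode.c, an undersized DST is no longer caught at run time, so a caller that passed the real buffer size and relied on that check would presumably get a write past the end of DST instead of an abort. I would state this in the comment, e.g. `* size at least BASE16_DECODE_LENGTH(src_length); this is not checked.` and `* *DST_LENGTH is output only; its value on entry is ignored.` The same applies to the base64_decode_update comment in base64.h and the assert removed from base64-decode.c.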
diff --git a/base64-decode.c b/base64-decode.c
index c7c739af..2c1ec7df 100644
--- a/base64-decode.c
+++ b/base64-decode.c
@@ -122,8 +122,6 @@ base64_decode_update(struct base64_decode_ctx *ctx,
   size_t done;
   size_t i;
 
-  assert(*dst_length >= BASE64_DECODE_LENGTH(src_length));
-  
   for (i = 0, done = 0; i<src_length; i++)
     switch(base64_decode_single(ctx, dst + done, src[i]))
       {
diff --git a/base64.h b/base64.h
index 94ed52ae..af4454c5 100644
--- a/base64.h
+++ b/base64.h
@@ -128,13 +128,8 @@ base64_decode_single(struct base64_decode_ctx *ctx,
 		     uint8_t src);
 
 /* Returns 1 on success, 0 on error. DST should point to an area of
- * size at least BASE64_DECODE_LENGTH(length), and for sanity
- * checking, *DST_LENGTH should be initialized to the size of that
- * area before the call. *DST_LENGTH is updated to the amount of
- * decoded output. */
-
-/* Currently results in an assertion failure if *DST_LENGTH is
- * too small. FIXME: Return some error instead? */
+ * size at least BASE64_DECODE_LENGTH(length). The amount of data
+ * generated is returned in *DST_LENGTH. */
 int
 base64_decode_update(struct base64_decode_ctx *ctx,
 		     size_t *dst_length,
-- 
GitLab