Skip to content

guard size overflow in BytesToHexString and UrlEscape#2102

Open
nabhan06 wants to merge 1 commit into
abseil:masterfrom
nabhan06:escaping-size-overflow-guard
Open

guard size overflow in BytesToHexString and UrlEscape#2102
nabhan06 wants to merge 1 commit into
abseil:masterfrom
nabhan06:escaping-size-overflow-guard

Conversation

@nabhan06

@nabhan06 nabhan06 commented Jul 8, 2026

Copy link
Copy Markdown

BytesToHexString sizes its output as 2 * from.size() and UrlEscapeInternal as initial_portion + 3 * (input.size() - initial_portion), neither of which checks for a size_t overflow, so a large enough input wraps the length and StringResizeAndOverwrite allocates a buffer smaller than the number of bytes the following loop writes into it. CEscapedLength and CalculateBase64EscapedLenInternal in this same file already guard their expansions against size_t max with ABSL_INTERNAL_CHECK, so these two newer helpers just add the matching check with the appropriate divisor.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant