Bug 1488186 - Avoid writing past the logical length of a string in Base64URLEncode. r=froydnj

MozReview-Commit-ID: 4Sv7fHYIT9n

Differential Revision: https://phabricator.services.mozilla.com/D4912

--HG--
extra : moz-landing-system : lando

xpcom/io/Base64.cpp

@@ -697,9 +697,9 @@ Base64URLEncode(uint32_t aBinaryLen, const uint8_t* aBinary,
                 Base64URLEncodePaddingPolicy aPaddingPolicy,
                 nsACString& aBase64)
 {
+  aBase64.Truncate();
   // Don't encode empty strings.
   if (aBinaryLen == 0) {
-    aBase64.Truncate();
     return NS_OK;
   }
 
@@ -709,14 +709,15 @@ Base64URLEncode(uint32_t aBinaryLen, const uint8_t* aBinary,
   }
 
   // Allocate a buffer large enough to hold the encoded string with padding.
-  // Add one byte for null termination.
   uint32_t base64Len = ((aBinaryLen + 2) / 3) * 4;
-  if (NS_WARN_IF(!aBase64.SetCapacity(base64Len + 1, fallible))) {
-    aBase64.Truncate();
-    return NS_ERROR_FAILURE;
+
+  nsresult rv;
+  auto handle = aBase64.BulkWrite(base64Len, 0, false, rv);
+  if (NS_FAILED(rv)) {
+    return rv;
   }
 
-  char* base64 = aBase64.BeginWriting();
+  char* base64 = handle.Elements();
 
   uint32_t index = 0;
   for (; index + 3 <= aBinaryLen; index += 3) {
@@ -739,7 +740,7 @@ Base64URLEncode(uint32_t aBinaryLen, const uint8_t* aBinary,
     *base64++ = kBase64URLAlphabet[((aBinary[index + 1] & 0xf) << 2)];
   }
 
-  uint32_t length = base64 - aBase64.BeginWriting();
+  uint32_t length = base64 - handle.Elements();
   if (aPaddingPolicy == Base64URLEncodePaddingPolicy::Include) {
     if (length % 4 == 2) {
       *base64++ = '=';
@@ -754,10 +755,7 @@ Base64URLEncode(uint32_t aBinaryLen, const uint8_t* aBinary,
                "Invalid encode padding policy");
   }
 
-  // Null terminate and truncate to the actual number of characters.
-  *base64 = '\0';
-  aBase64.SetLength(length);
-
+  handle.Finish(length, false);
   return NS_OK;
 }