The attached patch fixes integers overflows in the decoder.
The first hunk is needed for systems with signed chars (e.g. i386).
The other hunks fix the decoder on unsigned-char systems (on which it's currently completely broken).
Sorry, the initial patch didn't fix all the problems on unsiged char architectures. In particular, "=" decoding was still broken there. I'll attach a fixed patch in a moment.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Sorry, the initial patch didn't fix all the problems on unsiged char architectures. In particular, "=" decoding was still broken there. I'll attach a fixed patch in a moment.
This patch doesn't fix the off-by-one error in base64_decode_value that causes undefined behaviour if you call base64_decode_value(123)
Updated patch with off-by-one fixed
The off-by-one error seems to have been already fixed when moving the code from CVS to Git:
https://sourceforge.net/p/libb64/git/ci/master/tree/src/cdecode.c#l15
So these patches won't apply cleanly now (but the overflow and unsigned-char issues still exist).