Skip to content

Fix global-buffer-overflow in Base64Decode on bytes >= 0x80#7200

Open
groeneai wants to merge 1 commit into
Azure:mainfrom
groeneai:fix-base64-signed-char-oob-upstream
Open

Fix global-buffer-overflow in Base64Decode on bytes >= 0x80#7200
groeneai wants to merge 1 commit into
Azure:mainfrom
groeneai:fix-base64-signed-char-oob-upstream

Conversation

@groeneai

@groeneai groeneai commented Jun 27, 2026
edited
Loading

Copy link
Copy Markdown

Bug

sdk/core/azure-core/src/base64.cpp mishandles invalid Base64 input in two ways, both before the existing validity check runs:

  1. Out-of-bounds read. Input bytes are read through const char* and used to index Base64DecodeArray, an int8_t[256] reverse-lookup table. char is signed on most platforms, so any byte >= 0x80 sign-extends to a negative index and reads out of bounds of the global table. AddressSanitizer reports global-buffer-overflow, READ of size 1.
  2. Undefined left shift. The table maps invalid bytes to a -1 sentinel, but the decoder shifts the looked-up value (i0 <<= 18, etc.) before checking for the sentinel. Left-shifting a negative value is undefined behavior prior to C++20 (the standard this library targets); -fsanitize=undefined reports left shift of negative value.

Both defects are present in two places:

  • the 4-byte loop helper int32_t Base64Decode(const char*)
  • the trailing-group tail of std::vector<uint8_t> Base64Decode(const std::string&)

Fix

  • Read each input byte as unsigned char before indexing, so the index is always in [0, 255].
  • Reject the -1 sentinel before any shift, in both decode paths.

Malformed input now throws std::runtime_error("Unexpected character in Base64 encoded string") cleanly on every code path, instead of reading out of bounds or shifting a negative value. Valid Base64 decodes unchanged.

Test

Extended Base64.InvalidDecode to exercise an invalid byte (high-bit 0x80/0xC0/0xFF and low-value 0x01/0x7F) in every position of both the single-group tail path and the multi-group loop path.

Validated with AddressSanitizer + UndefinedBehaviorSanitizer (clang, -fno-sanitize-recover=all): pre-fix the inputs read out of bounds and abort on the shift under C++17; post-fix they throw cleanly under C++17/20/23 and all existing valid/invalid decode cases still pass.

Copilot AI review requested due to automatic review settings June 27, 2026 23:14
@github-actions github-actions Bot added Azure.Core Community Contribution Community members are working on the issue customer-reported Issues that are reported by GitHub users external to the Azure organization. labels Jun 27, 2026
@github-actions

github-actions Bot commented Jun 27, 2026

Copy link
Copy Markdown

Thank you for your contribution @groeneai! We will review the pull request and get back to you soon.

Copilot AI reviewed Jun 27, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Fixes a signed-char indexing bug in azure-core Base64 decoding that could trigger an out-of-bounds read when decoding bytes with the high bit set (>= 0x80). The change ensures bytes are treated as unsigned char before indexing the 256-entry reverse lookup table, and extends unit tests to cover these malformed inputs.

Changes:

  • Cast Base64 input bytes to unsigned char before indexing Base64DecodeArray in both the 4-byte decode helper and the trailing-group decode path.
  • Extend Base64.InvalidDecode to include high-bit bytes in each position for the tail path and in the loop path, verifying clean std::runtime_error behavior.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
sdk/core/azure-core/src/base64.cpp Prevents negative indexing into Base64DecodeArray by reading input bytes as unsigned before lookup.
sdk/core/azure-core/test/ut/base64_test.cpp Adds invalid-decode coverage for bytes >= 0x80 across both decode paths to guard against regressions and ASan-detected OOB reads.

This was referenced Jun 27, 2026
Open
Open
Open
@groeneai
Fix global-buffer-overflow and undefined shift in Base64Decode
0a3457c 
Base64DecodeArray is an int8_t[256] table indexed by the input byte; invalid
bytes map to a -1 sentinel that the existing `< 0` checks reject. Two defects
allowed a malformed Base64 string to misbehave before those checks ran:

1. Out-of-bounds read. The input bytes were read through `const char*`, which
   is signed on most platforms, so any byte >= 0x80 sign-extended to a negative
   index and read out of bounds of the global table (AddressSanitizer:
   global-buffer-overflow, READ of size 1). Fixed by reading each input byte as
   unsigned char before indexing, so the index is always in [0, 255].

2. Undefined left shift of a negative value. After an invalid byte mapped to the
   -1 sentinel, the decoder executed `i0 <<= 18` (and the i1/i2 shifts) before
   checking for the sentinel. Left-shifting a negative value is undefined
   behavior prior to C++20; builds with -fsanitize=undefined
   -fno-sanitize-recover=all abort on it. Fixed by rejecting the -1 sentinel
   before any shift, in both the 4-byte helper int32_t Base64Decode(const char*)
   and the trailing-group path of std::vector<uint8_t> Base64Decode(const
   std::string&). Malformed input now throws "Unexpected character in Base64
   encoded string" cleanly on every code path.

Strengthen Base64.InvalidDecode to exercise an invalid byte (high-bit 0x80,
0xC0, 0xFF and low-value 0x01, 0x7F) in every position of both the single-group
tail path and the multi-group loop path. Pre-fix these inputs read out of bounds
under ASan and abort with "left shift of negative value" under UBSan; post-fix
they throw cleanly, and valid Base64 still decodes unchanged.
@groeneai groeneai force-pushed the fix-base64-signed-char-oob-upstream branch from 460bed4 to 0a3457c Compare June 28, 2026 00:34
groeneai added a commit to groeneai/ClickHouse that referenced this pull request Jun 28, 2026
@groeneai
Bump contrib/azure to fix Base64Decode global-buffer-overflow and und…
06eb452 
…efined shift

The vendored Azure SDK Base64Decode mishandles invalid Base64 input in two ways,
both reachable in ClickHouse from azureBlobStorage() with a malformed account_key
(StorageSharedKeyCredential -> SharedKeyPolicy::GetSignature ->
Convert::Base64Decode(GetAccountKey())). It surfaced under the stress-test query
fuzzer and recurs across unrelated PRs; it is a latent SDK bug, not PR-specific.

1. Out-of-bounds read. Input bytes were read through 'const char*' and used to
   index Base64DecodeArray (int8_t[256]). On platforms where char is signed, any
   byte >= 0x80 sign-extended to a negative index and read out of bounds of the
   global table (AddressSanitizer: global-buffer-overflow, READ of size 1).

2. Undefined left shift. After an invalid byte mapped to the table's -1 sentinel,
   the decoder shifted it (i0 <<= 18, etc.) before checking for the sentinel.
   Left-shifting a negative value is undefined behavior prior to C++20; builds
   with -fsanitize=undefined -fno-sanitize-recover=all abort on it.

Bump contrib/azure to the fix commit, which reads each input byte as unsigned char
before indexing and rejects the -1 sentinel before any shift, so malformed input
throws cleanly on every code path. A strengthened Base64.InvalidDecode test
exercises an invalid byte in every position of both decode paths. The same fix is
submitted to the vendored fork (ClickHouse/azure-sdk-for-cpp#36) and to Microsoft
upstream (Azure/azure-sdk-for-cpp#7200).
@microsoft-github-policy-service

microsoft-github-policy-service Bot commented Jun 28, 2026

Copy link
Copy Markdown
Contributor

@groeneai please read the following Contributor License Agreement(CLA). If you agree with the CLA, please reply with the following information.

@microsoft-github-policy-service agree [company="{your company}"]

Options:

  • (default - no company specified) I have sole ownership of intellectual property rights to my Submissions and I am not making Submissions in the course of work for my employer.
@microsoft-github-policy-service agree
  • (when company given) I am making Submissions in the course of work for my employer (or my employer has intellectual property rights in my Submissions by contract or applicable law). I have permission from my employer to make Submissions and enter into this Agreement on behalf of my employer. By signing below, the defined term “You” includes me and my employer.
@microsoft-github-policy-service agree company="Microsoft"
Contributor License Agreement

Contribution License Agreement

This Contribution License Agreement (“Agreement”) is agreed to by the party signing below (“You”),
and conveys certain license rights to Microsoft Corporation and its affiliates (“Microsoft”) for Your
contributions to Microsoft open source projects. This Agreement is effective as of the latest signature
date below.

  1. Definitions.
    “Code” means the computer software code, whether in human-readable or machine-executable form,
    that is delivered by You to Microsoft under this Agreement.
    “Project” means any of the projects owned or managed by Microsoft and offered under a license
    approved by the Open Source Initiative (www.opensource.org).
    “Submit” is the act of uploading, submitting, transmitting, or distributing code or other content to any
    Project, including but not limited to communication on electronic mailing lists, source code control
    systems, and issue tracking systems that are managed by, or on behalf of, the Project for the purpose of
    discussing and improving that Project, but excluding communication that is conspicuously marked or
    otherwise designated in writing by You as “Not a Submission.”
    “Submission” means the Code and any other copyrightable material Submitted by You, including any
    associated comments and documentation.
  2. Your Submission. You must agree to the terms of this Agreement before making a Submission to any
    Project. This Agreement covers any and all Submissions that You, now or in the future (except as
    described in Section 4 below), Submit to any Project.
  3. Originality of Work. You represent that each of Your Submissions is entirely Your original work.
    Should You wish to Submit materials that are not Your original work, You may Submit them separately
    to the Project if You (a) retain all copyright and license information that was in the materials as You
    received them, (b) in the description accompanying Your Submission, include the phrase “Submission
    containing materials of a third party:” followed by the names of the third party and any licenses or other
    restrictions of which You are aware, and (c) follow any other instructions in the Project’s written
    guidelines concerning Submissions.
  4. Your Employer. References to “employer” in this Agreement include Your employer or anyone else
    for whom You are acting in making Your Submission, e.g. as a contractor, vendor, or agent. If Your
    Submission is made in the course of Your work for an employer or Your employer has intellectual
    property rights in Your Submission by contract or applicable law, You must secure permission from Your
    employer to make the Submission before signing this Agreement. In that case, the term “You” in this
    Agreement will refer to You and the employer collectively. If You change employers in the future and
    desire to Submit additional Submissions for the new employer, then You agree to sign a new Agreement
    and secure permission from the new employer before Submitting those Submissions.
  5. Licenses.
  • Copyright License. You grant Microsoft, and those who receive the Submission directly or
    indirectly from Microsoft, a perpetual, worldwide, non-exclusive, royalty-free, irrevocable license in the
    Submission to reproduce, prepare derivative works of, publicly display, publicly perform, and distribute
    the Submission and such derivative works, and to sublicense any or all of the foregoing rights to third
    parties.
  • Patent License. You grant Microsoft, and those who receive the Submission directly or
    indirectly from Microsoft, a perpetual, worldwide, non-exclusive, royalty-free, irrevocable license under
    Your patent claims that are necessarily infringed by the Submission or the combination of the
    Submission with the Project to which it was Submitted to make, have made, use, offer to sell, sell and
    import or otherwise dispose of the Submission alone or with the Project.
  • Other Rights Reserved. Each party reserves all rights not expressly granted in this Agreement.
    No additional licenses or rights whatsoever (including, without limitation, any implied licenses) are
    granted by implication, exhaustion, estoppel or otherwise.
  1. Representations and Warranties. You represent that You are legally entitled to grant the above
    licenses. You represent that each of Your Submissions is entirely Your original work (except as You may
    have disclosed under Section 3). You represent that You have secured permission from Your employer to
    make the Submission in cases where Your Submission is made in the course of Your work for Your
    employer or Your employer has intellectual property rights in Your Submission by contract or applicable
    law. If You are signing this Agreement on behalf of Your employer, You represent and warrant that You
    have the necessary authority to bind the listed employer to the obligations contained in this Agreement.
    You are not expected to provide support for Your Submission, unless You choose to do so. UNLESS
    REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING, AND EXCEPT FOR THE WARRANTIES
    EXPRESSLY STATED IN SECTIONS 3, 4, AND 6, THE SUBMISSION PROVIDED UNDER THIS AGREEMENT IS
    PROVIDED WITHOUT WARRANTY OF ANY KIND, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY OF
    NONINFRINGEMENT, MERCHANTABILITY, OR FITNESS FOR A PARTICULAR PURPOSE.
  2. Notice to Microsoft. You agree to notify Microsoft in writing of any facts or circumstances of which
    You later become aware that would make Your representations in this Agreement inaccurate in any
    respect.
  3. Information about Submissions. You agree that contributions to Projects and information about
    contributions may be maintained indefinitely and disclosed publicly, including Your name and other
    information that You submit with Your Submission.
  4. Governing Law/Jurisdiction. This Agreement is governed by the laws of the State of Washington, and
    the parties consent to exclusive jurisdiction and venue in the federal courts sitting in King County,
    Washington, unless no federal subject matter jurisdiction exists, in which case the parties consent to
    exclusive jurisdiction and venue in the Superior Court of King County, Washington. The parties waive all
    defenses of lack of personal jurisdiction and forum non-conveniens.
  5. Entire Agreement/Assignment. This Agreement is the entire agreement between the parties, and
    supersedes any and all prior agreements, understandings or communications, written or oral, between
    the parties relating to the subject matter hereof. This Agreement may be assigned by Microsoft.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments
@RickWinter RickWinter Awaiting requested review from RickWinter RickWinter is a code owner
@antkmsft antkmsft Awaiting requested review from antkmsft antkmsft is a code owner
@LarryOsterman LarryOsterman Awaiting requested review from LarryOsterman LarryOsterman is a code owner
@xirzec xirzec Awaiting requested review from xirzec xirzec is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

Azure.Core Community Contribution Community members are working on the issue customer-reported Issues that are reported by GitHub users external to the Azure organization.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@groeneai