Fix base64 validation and add comprehensive tests

Author: Reranko05

cpp/src/arrow/util/CMakeLists.txt

@@ -49,6 +49,7 @@ add_arrow_test(utility-test
                SOURCES
                align_util_test.cc
                atfork_test.cc
+               base64_test.cc
                byte_size_test.cc
                byte_stream_split_test.cc
                cache_test.cc

cpp/src/arrow/util/base64_test.cc

@@ -0,0 +1,86 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+#include "arrow/testing/gtest_util.h"
+#include "arrow/util/base64.h"
+
+
+namespace arrow {
+namespace util {
+
+TEST(Base64DecodeTest, ValidInputs) {
+  ASSERT_OK_AND_ASSIGN(auto empty, arrow::util::base64_decode(""));
+  EXPECT_EQ(empty, "");
+
+  ASSERT_OK_AND_ASSIGN(auto two_paddings, arrow::util::base64_decode("Zg=="));
+  EXPECT_EQ(two_paddings, "f");
+
+  ASSERT_OK_AND_ASSIGN(auto one_padding, arrow::util::base64_decode("Zm8="));
+  EXPECT_EQ(one_padding, "fo");
+
+  ASSERT_OK_AND_ASSIGN(auto no_padding, arrow::util::base64_decode("Zm9v"));
+  EXPECT_EQ(no_padding, "foo");
+
+  ASSERT_OK_AND_ASSIGN(auto multiblock, arrow::util::base64_decode("SGVsbG8gd29ybGQ="));
+  EXPECT_EQ(multiblock, "Hello world");
+}
+
+TEST(Base64DecodeTest, BinaryOutput) {
+  // 'A' maps to index 0 — same zero value used for padding slots
+  // verifies the 'A' bug is not present
+  ASSERT_OK_AND_ASSIGN(auto all_A, arrow::util::base64_decode("AAAA"));
+  EXPECT_EQ(all_A, std::string("\x00\x00\x00", 3));
+
+  // Arbitrary non-ASCII output bytes
+  ASSERT_OK_AND_ASSIGN(auto binary, arrow::util::base64_decode("AP8A"));
+  EXPECT_EQ(binary, std::string("\x00\xff\x00", 3));
+}
+
+TEST(Base64DecodeTest, InvalidLength) {
+  ASSERT_RAISES_WITH_MESSAGE(
+    Invalid,
+    "Invalid: Invalid base64 input: length is not a multiple of 4",
+    arrow::util::base64_decode("abc"));
+}
+
+TEST(Base64DecodeTest, InvalidCharacters) {
+  ASSERT_RAISES(Invalid, arrow::util::base64_decode("ab$="));
+
+  // Non-ASCII byte
+  std::string non_ascii = std::string("abc") + static_cast<char>(0xFF);
+  ASSERT_RAISES(Invalid, arrow::util::base64_decode(non_ascii));
+
+  // Corruption mid-string across multiple blocks
+  ASSERT_RAISES(Invalid, arrow::util::base64_decode("aGVs$G8gd29ybGQ="));
+}
+
+TEST(Base64DecodeTest, InvalidPadding) {
+  // Padding in wrong position within block
+  ASSERT_RAISES(Invalid, arrow::util::base64_decode("ab=c"));
+
+  // 3 padding characters — exceeds maximum of 2
+  ASSERT_RAISES(Invalid, arrow::util::base64_decode("a==="));
+
+  // 4 padding characters
+  ASSERT_RAISES(Invalid, arrow::util::base64_decode("===="));
+
+  // Padding in non-final block across multiple blocks
+  ASSERT_RAISES(Invalid, arrow::util::base64_decode("Zm8=Zm8="));
+}
+
+}
+}

cpp/src/arrow/util/string_test.cc

@@ -239,48 +239,6 @@ TEST(ToChars, FloatingPoint) {
   }
 }
 
-TEST(Base64DecodeTest, ValidInputs) {
-  ASSERT_OK_AND_ASSIGN(auto two_paddings, arrow::util::base64_decode("Zg=="));
-  EXPECT_EQ(two_paddings, "f");
-
-  ASSERT_OK_AND_ASSIGN(auto one_padding, arrow::util::base64_decode("Zm8="));
-  EXPECT_EQ(one_padding, "fo");
-
-  ASSERT_OK_AND_ASSIGN(auto no_padding, arrow::util::base64_decode("Zm9v"));
-  EXPECT_EQ(no_padding, "foo");
-
-  ASSERT_OK_AND_ASSIGN(auto single_char, arrow::util::base64_decode("TQ=="));
-  EXPECT_EQ(single_char, "M");
-}
-
-TEST(Base64DecodeTest, InvalidLength) {
-  ASSERT_RAISES(Invalid, arrow::util::base64_decode("abc"));
-  ASSERT_RAISES(Invalid, arrow::util::base64_decode("abcde"));
-}
-
-TEST(Base64DecodeTest, InvalidCharacters) {
-  ASSERT_RAISES(Invalid, arrow::util::base64_decode("ab$="));
-}
-
-TEST(Base64DecodeTest, InvalidPadding) {
-  ASSERT_RAISES(Invalid, arrow::util::base64_decode("ab=c"));
-  ASSERT_RAISES(Invalid, arrow::util::base64_decode("===="));
-}
-
-TEST(Base64DecodeTest, EdgeCases) {
-  ASSERT_OK_AND_ASSIGN(auto empty, arrow::util::base64_decode(""));
-  EXPECT_EQ(empty, "");
-}
-
-TEST(Base64DecodeTest, NonAsciiInput) {
-  std::string input = std::string("abc") + static_cast<char>(0xFF);
-  ASSERT_RAISES(Invalid, arrow::util::base64_decode(input));
-}
-
-TEST(Base64DecodeTest, PartialCorruption) {
-  ASSERT_RAISES(Invalid, arrow::util::base64_decode("aGVs$G8gd29ybGQ="));
-}
-
 #if !defined(_WIN32) || defined(NDEBUG)
 
 TEST(ToChars, LocaleIndependent) {

cpp/src/arrow/vendored/base64.cpp

@@ -93,63 +93,66 @@ std::string base64_encode(std::string_view string_to_encode) {
 Result<std::string> base64_decode(std::string_view encoded_string) {
   size_t in_len = encoded_string.size();
   int i = 0;
-  int j = 0;
   int in_ = 0;
+  int padding_count = 0;
+  int block_padding = 0;
+  bool padding_started = false;
   unsigned char char_array_4[4], char_array_3[3];
   std::string ret;
 
   if (encoded_string.size() % 4 != 0) {
     return Status::Invalid("Invalid base64 input: length is not a multiple of 4");
   }
 
-  size_t padding_start = encoded_string.find('=');
-  if (padding_start != std::string_view::npos) {
-    size_t padding_count = encoded_string.size() - padding_start;
-    if (padding_count > 2) {
-      return Status::Invalid("Invalid base64 input: too many padding characters");
-    }
+  while (in_len--) {
+    unsigned char c = encoded_string[in_];
+
+    if (c == '=') {
+      padding_started = true;
+      padding_count++;
 
-    for (size_t i = padding_start; i < encoded_string.size(); ++i) {
-      if (encoded_string[i] != '=') {
+      if (padding_count > 2) {
+        return Status::Invalid("Invalid base64 input: too many padding characters");
+      }
+
+      char_array_4[i++] = 0;
+    } else {
+      if (padding_started) {
         return Status::Invalid("Invalid base64 input: padding characters must be at the end");
       }
-    }
-  }
 
-  while (in_len-- && encoded_string[in_] != '=') {
-    unsigned char c = encoded_string[in_];
+      if (base64_chars.find(c) == std::string::npos) {
+        return Status::Invalid(
+            "Invalid base64 input: contains non-base64 byte at position " +
+            std::to_string(in_));
+      }
 
-    if (base64_chars.find(c) == std::string::npos) {
-      return Status::Invalid("Invalid base64 input: contains non-base64 byte at position " + std::to_string(in_));
+      char_array_4[i++] = c;
     }
 
-    char_array_4[i++] = c;
     in_++;
 
     if (i == 4) {
-      for (i = 0; i < 4; i++)
-        char_array_4[i] = base64_chars.find(char_array_4[i]) & 0xff;
+      for (i = 0; i < 4; i++) {
+        if (char_array_4[i] != 0) {
+          char_array_4[i] = base64_chars.find(char_array_4[i]) & 0xff;
+        }
+      }
 
-      char_array_3[0] = ( char_array_4[0] << 2       ) + ((char_array_4[1] & 0x30) >> 4);
+      char_array_3[0] = (char_array_4[0] << 2) + ((char_array_4[1] & 0x30) >> 4);
       char_array_3[1] = ((char_array_4[1] & 0xf) << 4) + ((char_array_4[2] & 0x3c) >> 2);
-      char_array_3[2] = ((char_array_4[2] & 0x3) << 6) +   char_array_4[3];
+      char_array_3[2] = ((char_array_4[2] & 0x3) << 6) + char_array_4[3];
+
+      block_padding = padding_count;
 
-      for (i = 0; (i < 3); i++)
+      for (i = 0; i < 3 - block_padding; i++) {
         ret += char_array_3[i];
+      }
+
       i = 0;
     }
   }
 
-  if (i) {
-    for (j = 0; j < i; j++)
-      char_array_4[j] = base64_chars.find(char_array_4[j]) & 0xff;
-
-    char_array_3[0] = (char_array_4[0] << 2) + ((char_array_4[1] & 0x30) >> 4);
-    char_array_3[1] = ((char_array_4[1] & 0xf) << 4) + ((char_array_4[2] & 0x3c) >> 2);
-
-    for (j = 0; (j < i - 1); j++) ret += char_array_3[j];
-  }
-
   return ret;
 }