librespot-org / librespot

Open Source Spotify client library
MIT License

Fix SpotifyId base 62 and 16 str decoding #1239

Closed lelloman closed 1 month ago

lelloman commented 6 months ago

A SpotifyId is expected to be a 128-bit integer and can be parsed from a base 62 or base 16 string. However, the parsing functions only checked the validity of the characters of the string, but not its length. This could result in integer overflows or the parsing of incorrect strings as Spotify ids.

This commit adds some checks to the length of the input string passed to the parse functions, and also checks for integer overflows in case of base62 encoded strings.
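The checks described in this comment, sketched as an added example that is not code from the pull request or from librespot: a character-only parser with wrapping arithmetic beside a strict one that checks length and overflow. The 22- and 32-character lengths, the digit alphabet order, and every name here are assumptions.

```rust
// Added illustration; constants and names are assumptions, not librespot's.
const BASE62_LEN: usize = 22; // assumed length of a base62-encoded 128-bit id
const BASE16_LEN: usize = 32; // 128 bits / 4 bits per hex digit

#[derive(Debug, PartialEq)]
enum IdError { BadLength, BadChar, Overflow }

// Assumed alphabet order: 0-9, a-z, A-Z.
fn base62_digit(c: u8) -> Option<u128> {
    match c {
        b'0'..=b'9' => Some((c - b'0') as u128),
        b'a'..=b'z' => Some((c - b'a') as u128 + 10),
        b'A'..=b'Z' => Some((c - b'A') as u128 + 36),
        _ => None,
    }
}

// Constructed "before" parser: validates characters only, so any length is
// accepted and values above u128::MAX silently wrap around.
fn naive_base62(s: &str) -> Option<u128> {
    s.bytes().try_fold(0u128, |n, c| Some(n.wrapping_mul(62).wrapping_add(base62_digit(c)?)))
}

// Strict parser: exact length, valid digits, and no overflow.
// 62^22 exceeds 2^128, so a correct-length string can still be out of range.
fn parse_base62(s: &str) -> Result<u128, IdError> {
    if s.len() != BASE62_LEN { return Err(IdError::BadLength); }
    let mut n: u128 = 0;
    for &c in s.as_bytes() {
        let d = base62_digit(c).ok_or(IdError::BadChar)?;
        n = n.checked_mul(62).and_then(|v| v.checked_add(d)).ok_or(IdError::Overflow)?;
    }
    Ok(n)
}

// Exactly 32 hex digits cannot overflow u128, but from_str_radix also accepts
// a leading '+', so the digits are validated before conversion.
fn parse_base16(s: &str) -> Result<u128, IdError> {
    if s.len() != BASE16_LEN { return Err(IdError::BadLength); }
    if !s.bytes().all(|b| b.is_ascii_hexdigit()) { return Err(IdError::BadChar); }
    u128::from_str_radix(s, 16).map_err(|_| IdError::BadChar)
}

fn main() {
    let too_big = "Z".repeat(22); // constructed input: 62^22 - 1, above u128::MAX
    println!("naive:  {:?}", naive_base62(&too_big));
    println!("strict: {:?}", parse_base62(&too_big));
}
```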

lelloman commented 1 month ago

I guess that https://github.com/librespot-org/librespot/pull/1284 is needed to fix the failing clippy job?

roderickvd commented 1 month ago

Thanks! Yes the other PR is required to fix the clippy warnings.