let hashOfMaxInt64 = "jvNx4BjM5KYjv" // untrusted input
let hashids = Hashids(salt: "this is my salt")
let values = hashids.decode64(hashOfMaxInt64) // 💥 Crash
A simple hash of Int64.max will crash when attempting to decode because the double overflows the integer during decoding. Personally, I think the Double -> Int constructor should return an optional since it can fail as this ends up being a foot-gun in an otherwise safe language.
Because of how hashids work, it is impossible to know ahead of time if a given input is safe without first trying to decode it. If you run this library on a web server on untrusted input, you are at risk of a crash and should patch immediately.
This PR fixes the issue and adds swift package support. Since it appears this repo is no longer accepting PRs, I will leave my fork up for others to use including this bug fix: https://github.com/gh123man/hashids
Today this library is unsafe.
A simple hash of
Int64.max
will crash when attempting to decode because the double overflows the integer during decoding. Personally, I think theDouble
->Int
constructor should return an optional since it can fail as this ends up being a foot-gun in an otherwise safe language.Because of how hashids work, it is impossible to know ahead of time if a given input is safe without first trying to decode it. If you run this library on a web server on untrusted input, you are at risk of a crash and should patch immediately.
This PR fixes the issue and adds swift package support. Since it appears this repo is no longer accepting PRs, I will leave my fork up for others to use including this bug fix: https://github.com/gh123man/hashids