Fix more corner cases in base64 decoder

Author: msimacek

graalpython/com.oracle.graal.python.test/src/tests/unittest_tags/test_base64.txt

@@ -10,6 +10,8 @@
 *graalpython.lib-python.3.test.test_base64.BaseXYTestCase.test_b32decode_error
 *graalpython.lib-python.3.test.test_base64.BaseXYTestCase.test_b32encode
 *graalpython.lib-python.3.test.test_base64.BaseXYTestCase.test_b64decode
+*graalpython.lib-python.3.test.test_base64.BaseXYTestCase.test_b64decode_invalid_chars
+*graalpython.lib-python.3.test.test_base64.BaseXYTestCase.test_b64decode_padding_error
 *graalpython.lib-python.3.test.test_base64.BaseXYTestCase.test_b64encode
 *graalpython.lib-python.3.test.test_base64.BaseXYTestCase.test_b85_padding
 *graalpython.lib-python.3.test.test_base64.BaseXYTestCase.test_b85decode

graalpython/com.oracle.graal.python/src/com/oracle/graal/python/builtins/modules/BinasciiModuleBuiltins.java

@@ -171,18 +171,47 @@ PBytes doConvert(VirtualFrame frame, Object buffer,
         @TruffleBoundary
         private ByteSequenceStorage b64decode(byte[] data, int dataLen) {
             try {
-                // Remove superfluous padding, Java refuses it but CPython ignores it
-                int end;
-                for (end = dataLen - 1; end >= 0; end--) {
-                    if (data[end] != '=') {
-                        break;
+                /*
+                 * The JDK decoder behaves differently in some corner cases. It is more restrictive
+                 * regarding superfluous padding. On the other hand, it's more permissive when it
+                 * comes to lack of padding. We compute the expected padding ourselves to cover
+                 * these two cases manually.
+                 */
+                // Compute the expected and real padding
+                int base64chars = 0;
+                int lastBase64Char = -1;
+                int padding = 0;
+                for (int i = 0; i < dataLen; i++) {
+                    byte c = data[i];
+                    if (c >= 'a' && c <= 'z' || c >= 'A' && c <= 'Z' || c >= '0' && c <= '9' || c == '+' || c == '/') {
+                        lastBase64Char = i;
+                        base64chars++;
+                        padding = 0;
+                    }
+                    if (c == '=') {
+                        padding++;
+                    }
+                }
+                int expectedPadding = 0;
+                if (base64chars % 4 == 1) {
+                    throw PRaiseNode.raiseUncached(this, BinasciiError, "Invalid base64-encoded string: number of data characters (1) cannot be 1 more than a multiple of 4");
+                } else if (base64chars % 4 == 2) {
+                    expectedPadding = 2;
+                } else if (base64chars % 4 == 3) {
+                    expectedPadding = 1;
+                }
+                if (padding < expectedPadding) {
+                    throw PRaiseNode.raiseUncached(this, BinasciiError, "Incorrect padding");
+                }
+                // Find the end of the expected padding, if any
+                int decodeLen = lastBase64Char + 1;
+                int correctedPadding = 0;
+                for (int i = decodeLen; correctedPadding < expectedPadding && i < dataLen; i++) {
+                    if (data[i] == '=') {
+                        correctedPadding++;
+                        decodeLen = i + 1;
                     }
                 }
-                // The length without the padding
-                int unpaddedLen = end + 1;
-                // Round up to a multiple of 4 to get correct minimal padding. Clamp to dataLen in
-                // case the data is not padded correctly
-                int decodeLen = Math.min((unpaddedLen + 3) & ~3, dataLen);
                 // Using MIME decoder because that one skips over anything that is not the alphabet,
                 // just like CPython does
                 ByteBuffer result = Base64.getMimeDecoder().decode(ByteBuffer.wrap(data, 0, decodeLen));