From 4e88c9a416619e8fc8a484727a57b7afcd887455 Mon Sep 17 00:00:00 2001
From: Paragon Initiative Enterprises <security@paragonie.com>
Date: Mon, 13 Jun 2022 01:24:59 -0400
Subject: [PATCH] Add missing bounds check

---
 src/Base32.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Base32.php b/src/Base32.php
index b4857c1..3ff4156 100644
--- a/src/Base32.php
+++ b/src/Base32.php
@@ -196,7 +196,7 @@ abstract class Base32 implements EncoderInterface
             return '';
         }
         if (($srcLen & 7) === 0) {
-            for ($j = 0; $j < 7; ++$j) {
+            for ($j = 0; $j < 7 && $j < $srcLen; ++$j) {
                 if ($encodedString[$srcLen - $j] === '=') {
                     throw new InvalidArgumentException(
                         "decodeNoPadding() doesn't tolerate padding"
-- 
GitLab