From bfa94b79d1f284b23ac800b0ba3cd39c1d825bdf Mon Sep 17 00:00:00 2001
From: Rick Watson
Date: Sun, 2 Jun 2019 23:31:00 +0100
Subject: [PATCH] resolve use of VLA in JWT encoder function
---
 src/ArduinoJsonJWT.cpp | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/src/ArduinoJsonJWT.cpp b/src/ArduinoJsonJWT.cpp
index 2a50d5d..807127f 100644
--- a/src/ArduinoJsonJWT.cpp
+++ b/src/ArduinoJsonJWT.cpp
@@ -102,17 +102,21 @@ String ArduinoJsonJWT::encode(const char *cstr, int inputLen) {
 base64_init_encodestate(&_state);
 size_t encodedLength = base64_encode_expected_len(inputLen) + 1;
 #endif
-
- // prepare buffer of correct length
- char buffer[encodedLength];
+ // prepare buffer of correct length, returning an empty string on failure
+ char* buffer = (char*) malloc(encodedLength * sizeof(char));
+ if (buffer == nullptr) {
+ return "";
+ }
 
 // encode to buffer
 int len = base64_encode_block(cstr, inputLen, &buffer[0], &_state);
 len += base64_encode_blockend(&buffer[len], &_state);
 buffer[len] = 0;
 
- // convert to arduino string
+ // convert to arduino string, freeing buffer
 String value = String(buffer);
+ free(buffer);
+ buffer=nullptr;
 
 // remove padding and convert to URL safe form
 while (value.length() > 0 && value.charAt(value.length() - 1) == '='){
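Review bot: The new `return "";` on a failed `malloc` makes an out-of-memory condition indistinguishable from a legitimately empty encoding, and the later `String value = String(buffer);` can presumably fail the same silent way, since an Arduino `String` ends up empty when its own allocation fails. If callers outside this hunk use `encode()` to build or compare a JWT signature segment, an empty result has to be treated as an error so that verification fails closed under memory pressure. I would state that contract at the failure path, e.g. `// "" means allocation failed: callers must reject an empty result, never sign or compare with it`, and check `value.length()` after the copy before continuing. The body of `encode()` starts before and runs past this hunk, so whether callers already handle an empty result is not visible here.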