diff options
author | Wladimir J. van der Laan <laanwj@gmail.com> | 2019-07-03 14:06:45 +0200 |
---|---|---|
committer | Wladimir J. van der Laan <laanwj@gmail.com> | 2019-07-03 14:18:29 +0200 |
commit | 085cac6b90430436997533e59ec657543dc2dadc (patch) | |
tree | 6badf1b69cc9476fb44c719b619ed85509b7b655 /src/uint256.cpp | |
parent | 38fbb575e25245a1b119669e56f930acaf77ec81 (diff) | |
parent | 0f459d868d85053f1cc066ea9099793f88cbd655 (diff) |
Merge #14734: fix an undefined behavior in uint::SetHex
0f459d868d85053f1cc066ea9099793f88cbd655 fix an undefined behavior in uint::SetHex (Kaz Wesley)
Pull request description:
Decrementing psz beyond the beginning of the string is UB, even though
the out-of-bounds pointer is never dereferenced.
I don't think any clang sanitizer covers this, so I don't see any way a test could catch the original behavior.
ACKs for top commit:
promag:
utACK 0f459d8.
l2a5b1:
utACK 0f459d868d85053f1cc066ea9099793f88cbd655
Tree-SHA512: 388223254ea6e955f643d2ebdf74d15a3d494e9f0597d9f05987ebb708d7a1cc06ce64bd25d447d75b5f5561bdae9630dcf25adb7bd75f7a382298b95d127162
Diffstat (limited to 'src/uint256.cpp')
-rw-r--r-- | src/uint256.cpp | 15 |
1 files changed, 7 insertions, 8 deletions
diff --git a/src/uint256.cpp b/src/uint256.cpp index e3bc9712e8..ea7164c1f0 100644 --- a/src/uint256.cpp +++ b/src/uint256.cpp @@ -37,16 +37,15 @@ void base_blob<BITS>::SetHex(const char* psz) psz += 2; // hex string to uint - const char* pbegin = psz; - while (::HexDigit(*psz) != -1) - psz++; - psz--; + size_t digits = 0; + while (::HexDigit(psz[digits]) != -1) + digits++; unsigned char* p1 = (unsigned char*)data; unsigned char* pend = p1 + WIDTH; - while (psz >= pbegin && p1 < pend) { - *p1 = ::HexDigit(*psz--); - if (psz >= pbegin) { - *p1 |= ((unsigned char)::HexDigit(*psz--) << 4); + while (digits > 0 && p1 < pend) { + *p1 = ::HexDigit(psz[--digits]); + if (digits > 0) { + *p1 |= ((unsigned char)::HexDigit(psz[--digits]) << 4); p1++; } } |