aboutsummaryrefslogtreecommitdiff
path: root/src/uint256.cpp
diff options
context:
space:
mode:
authorWladimir J. van der Laan <laanwj@gmail.com>2019-07-03 14:06:45 +0200
committerWladimir J. van der Laan <laanwj@gmail.com>2019-07-03 14:18:29 +0200
commit085cac6b90430436997533e59ec657543dc2dadc (patch)
tree6badf1b69cc9476fb44c719b619ed85509b7b655 /src/uint256.cpp
parent38fbb575e25245a1b119669e56f930acaf77ec81 (diff)
parent0f459d868d85053f1cc066ea9099793f88cbd655 (diff)
Merge #14734: fix an undefined behavior in uint::SetHex
0f459d868d85053f1cc066ea9099793f88cbd655 fix an undefined behavior in uint::SetHex (Kaz Wesley) Pull request description: Decrementing psz beyond the beginning of the string is UB, even though the out-of-bounds pointer is never dereferenced. I don't think any clang sanitizer covers this, so I don't see any way a test could catch the original behavior. ACKs for top commit: promag: utACK 0f459d8. l2a5b1: utACK 0f459d868d85053f1cc066ea9099793f88cbd655 Tree-SHA512: 388223254ea6e955f643d2ebdf74d15a3d494e9f0597d9f05987ebb708d7a1cc06ce64bd25d447d75b5f5561bdae9630dcf25adb7bd75f7a382298b95d127162
Diffstat (limited to 'src/uint256.cpp')
-rw-r--r--src/uint256.cpp15
1 files changed, 7 insertions, 8 deletions
diff --git a/src/uint256.cpp b/src/uint256.cpp
index e3bc9712e8..ea7164c1f0 100644
--- a/src/uint256.cpp
+++ b/src/uint256.cpp
@@ -37,16 +37,15 @@ void base_blob<BITS>::SetHex(const char* psz)
psz += 2;
// hex string to uint
- const char* pbegin = psz;
- while (::HexDigit(*psz) != -1)
- psz++;
- psz--;
+ size_t digits = 0;
+ while (::HexDigit(psz[digits]) != -1)
+ digits++;
unsigned char* p1 = (unsigned char*)data;
unsigned char* pend = p1 + WIDTH;
- while (psz >= pbegin && p1 < pend) {
- *p1 = ::HexDigit(*psz--);
- if (psz >= pbegin) {
- *p1 |= ((unsigned char)::HexDigit(*psz--) << 4);
+ while (digits > 0 && p1 < pend) {
+ *p1 = ::HexDigit(psz[--digits]);
+ if (digits > 0) {
+ *p1 |= ((unsigned char)::HexDigit(psz[--digits]) << 4);
p1++;
}
}