Merge #14734: fix an undefined behavior in uint::SetHex

0f459d868d fix an undefined behavior in uint::SetHex (Kaz Wesley)

Pull request description:

  Decrementing psz beyond the beginning of the string is UB, even though
  the out-of-bounds pointer is never dereferenced.

  I don't think any clang sanitizer covers this, so I don't see any way a test could catch the original behavior.

ACKs for top commit:
  promag:
    utACK 0f459d8.
  l2a5b1:
    utACK 0f459d868d

Tree-SHA512: 388223254ea6e955f643d2ebdf74d15a3d494e9f0597d9f05987ebb708d7a1cc06ce64bd25d447d75b5f5561bdae9630dcf25adb7bd75f7a382298b95d127162
pull/16332/head
Wladimir J. van der Laan 5 years ago
commit 085cac6b90
No known key found for this signature in database
GPG Key ID: 1E4AED62986CD25D

@ -37,16 +37,15 @@ void base_blob<BITS>::SetHex(const char* psz)
psz += 2;
// hex string to uint
const char* pbegin = psz;
while (::HexDigit(*psz) != -1)
psz++;
psz--;
size_t digits = 0;
while (::HexDigit(psz[digits]) != -1)
digits++;
unsigned char* p1 = (unsigned char*)data;
unsigned char* pend = p1 + WIDTH;
while (psz >= pbegin && p1 < pend) {
*p1 = ::HexDigit(*psz--);
if (psz >= pbegin) {
*p1 |= ((unsigned char)::HexDigit(*psz--) << 4);
while (digits > 0 && p1 < pend) {
*p1 = ::HexDigit(psz[--digits]);
if (digits > 0) {
*p1 |= ((unsigned char)::HexDigit(psz[--digits]) << 4);
p1++;
}
}

Loading…
Cancel
Save