Merge bitcoin/bitcoin#24297: Fix unintended unsigned integer overflow in strencodings

fac9fe5d05 Fix unintended unsigned integer overflow in strencodings (MarcoFalke) Pull request description: This fixes two issues for strings that start with a colon and only have one colon: * `fMultiColon` is incorrectly set to `true` * There is an unsigned integer overflow `colon - 1` (`0 - 1`) Neither issue matters, as the result is discarded. Though, it makes sense to still fix the issue for clarity and to avoid sanitizer issues in the function. ACKs for top commit: laanwj: Code review ACK fac9fe5d05 shaavan: Code Review ACK fac9fe5d05 Tree-SHA512: e71c21a0b617abf241e561ce6b90b963e2d5e2f77bd9547ce47209a1a94b454384391f86ef5d35fedd4f4df19add3896bb3d61fed396ebba8e864e3eeb75ed59
2025-10-04 19:43:29 +02:00 · 2022-02-10 07:17:06 +00:00
parent 8796c2f568 fac9fe5d05
commit 243a9c3925
1 changed files with 1 additions and 1 deletions
--- a/src/util/strencodings.cpp
+++ b/src/util/strencodings.cpp
@@ -113,7 +113,7 @@ void SplitHostPort(std::string in, uint16_t& portOut, std::string& hostOut)
    // if a : is found, and it either follows a [...], or no other : is in the string, treat it as port separator
    bool fHaveColon = colon != in.npos;
    bool fBracketed = fHaveColon && (in[0] == '[' && in[colon - 1] == ']'); // if there is a colon, and in[0]=='[', colon is not 0, so in[colon-1] is safe
-    bool fMultiColon = fHaveColon && (in.find_last_of(':', colon - 1) != in.npos);
+    bool fMultiColon{fHaveColon && colon != 0 && (in.find_last_of(':', colon - 1) != in.npos)};
    if (fHaveColon && (colon == 0 || fBracketed || !fMultiColon)) {
        uint16_t n;
        if (ParseUInt16(in.substr(colon + 1), &n)) {