From 2b1a89fbafa81d2d9e84c4b737c46a38a64db539 Mon Sep 17 00:00:00 2001
From: MPins
Date: Tue, 24 Jun 2025 16:28:43 -0300
Subject: [PATCH] zpay32: validate UTF-8 parsing field description
---
 zpay32/decode.go | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/zpay32/decode.go b/zpay32/decode.go
index 76c2c1ecf..9a2277f46 100644
--- a/zpay32/decode.go
+++ b/zpay32/decode.go
@@ -7,6 +7,7 @@ import (
 "fmt"
 "strings"
 "time"
+ "unicode/utf8"
 "github.com/btcsuite/btcd/btcec/v2"
 "github.com/btcsuite/btcd/btcec/v2/ecdsa"
@@ -18,6 +19,12 @@ import (
 "github.com/lightningnetwork/lnd/lnwire"
 )
+var (
+ // ErrInvalidUTF8Description is returned if the invoice description is
+ // not valid UTF-8.
+ ErrInvalidUTF8Description = errors.New("description is not valid UTF-8")
+)
+
 // DecodeOption is a type that can be used to supply functional options to the
 // Decode function.
 type DecodeOption func(*decodeOptions)
@@ -446,6 +453,10 @@ func parseDescription(data []byte) (*string, error) {
 return nil, err
 }
+ if !utf8.Valid(base256Data) {
+ return nil, ErrInvalidUTF8Description
+ }
+
 description := string(base256Data)
 return &description, nil
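Review bot: In the parseDescription hunk, `utf8.Valid(base256Data)` only establishes that the bytes are well-formed UTF-8, so a description taken from an untrusted invoice can still carry NUL bytes, terminal escape sequences or bidirectional-override characters through to whatever prints it. If that is intended, a comment on the check would keep callers from reading it as display-safety, e.g. `// Well-formed UTF-8 only; control and bidi characters still pass, so callers must sanitise before rendering.` The diffstat shows only zpay32/decode.go changed, so no test case in this commit pins that an invalid byte sequence yields `ErrInvalidUTF8Description`; the encode path is not visible here either, so it is worth confirming it rejects the same input. parseDescription's body starts above the hunk.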