Merge bitcoin#24297: Fix unintended unsigned integer overflow in stre…

…ncodings fac9fe5 Fix unintended unsigned integer overflow in strencodings (MarcoFalke) Pull request description: This fixes two issues for strings that start with a colon and only have one colon: * `fMultiColon` is incorrectly set to `true` * There is an unsigned integer overflow `colon - 1` (`0 - 1`) Neither issue matters, as the result is discarded. Though, it makes sense to still fix the issue for clarity and to avoid sanitizer issues in the function. ACKs for top commit: laanwj: Code review ACK fac9fe5 shaavan: Code Review ACK fac9fe5 Tree-SHA512: e71c21a0b617abf241e561ce6b90b963e2d5e2f77bd9547ce47209a1a94b454384391f86ef5d35fedd4f4df19add3896bb3d61fed396ebba8e864e3eeb75ed59
UdjinM6 · Apr 18, 2023 · 15f6a9c · 15f6a9c
1 parent 4e100ea
commit 15f6a9c
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/util/strencodings.cpp b/src/util/strencodings.cpp
@@ -112,7 +112,7 @@ void SplitHostPort(std::string in, uint16_t& portOut, std::string& hostOut)
     // if a : is found, and it either follows a [...], or no other : is in the string, treat it as port separator
     bool fHaveColon = colon != in.npos;
     bool fBracketed = fHaveColon && (in[0] == '[' && in[colon - 1] == ']'); // if there is a colon, and in[0]=='[', colon is not 0, so in[colon-1] is safe
-    bool fMultiColon = fHaveColon && (in.find_last_of(':', colon - 1) != in.npos);
+    bool fMultiColon{fHaveColon && colon != 0 && (in.find_last_of(':', colon - 1) != in.npos)};
     if (fHaveColon && (colon == 0 || fBracketed || !fMultiColon)) {
         uint16_t n;
         if (ParseUInt16(in.substr(colon + 1), &n)) {