From 548e329f9d67aeaed36f8bc24b459c8d1bca7603 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Vejpustek?= Date: Mon, 8 Apr 2024 16:50:28 +0200 Subject: [PATCH] fix(core): prevent negative-length array [no changelog] --- core/embed/extmod/modtrezorcrypto/modtrezorcrypto-bech32.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-bech32.h b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-bech32.h index 9f754bf2c..16819b914 100644 --- a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-bech32.h +++ b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-bech32.h @@ -45,6 +45,10 @@ STATIC mp_obj_t mod_trezorcrypto_bech32_decode(size_t n_args, mp_raise_ValueError(NULL); } + if (bech.len < 8) { + mp_raise_ValueError(NULL); + } + uint8_t data[bech.len - 8]; char hrp[BECH32_MAX_HRP_LEN + 1] = {0}; size_t data_len = 0;