From: oblivionsage Date: Thu, 13 Nov 2025 00:52:38 +0000 (+0100) Subject: fix: prevent integer underflow in amount() bounds check X-Git-Url: https://git.nutra.tk/v2?a=commitdiff_plain;h=d248417f2cca1e93d6c6ccda07186bd71b8b6978;p=gamesguru%2Ffeather.git fix: prevent integer underflow in amount() bounds check The bounds check 'index > arr.size() - 1' has an edge case bug. When arr.size() is 0, subtracting 1 from an unsigned size_t underflows to SIZE_MAX, so 'index > SIZE_MAX' is always false. This could theoretically allow out-of-bounds access, though it's pretty hard to trigger in practice - would need a malformed/corrupted unsigned_tx file that parses successfully but has no transactions. Changed to 'arr.empty() || index >= arr.size()' which handles the edge case properly. Found with AddressSanitizer during fuzzing. --- diff --git a/src/libwalletqt/UnsignedTransaction.cpp b/src/libwalletqt/UnsignedTransaction.cpp index 02206dde..8eef4250 100644 --- a/src/libwalletqt/UnsignedTransaction.cpp +++ b/src/libwalletqt/UnsignedTransaction.cpp @@ -19,7 +19,7 @@ QString UnsignedTransaction::errorString() const quint64 UnsignedTransaction::amount(size_t index) const { std::vector arr = m_pimpl->amount(); - if(index > arr.size() - 1) + if(arr.empty() || index >= arr.size()) return 0; return arr[index]; }
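Review bot: the `arr.empty() ||` clause in the new condition is redundant. `index` is a `size_t`, so when `arr.size()` is 0 the comparison `index >= arr.size()` is already true for every possible index; the underflow described in the commit message only existed because of the `- 1` in the old `index > arr.size() - 1`. `if(index >= arr.size()) return 0;` is the complete fix and reads more clearly. If the extra clause is kept for emphasis, a one-line comment saying it is defensive rather than necessary would stop the next reader from hunting for the case it covers. Also worth a look in the same hunk: `std::vector arr = m_pimpl->amount();` copies the whole amounts vector on every call just to read one element; if `amount()` returns a reference, binding `const auto& arr` avoids the copy.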
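The unsigned underflow the commit message describes, reproduced as a stand-alone C++ example. This is added illustration, not code from the feather project: the two bounds checks are lifted out of `UnsignedTransaction::amount()` into free functions, `uint64_t` stands in for Qt's `quint64`, the amounts vector is a constructed sample rather than anything parsed from an `unsigned_tx` file, and `minimal_in_bounds` is an added equivalent form showing that `index >= arr.size()` alone already covers the empty case.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Element type: uint64_t in place of Qt's quint64 (assumption for a Qt-free build).
using Amounts = std::vector<uint64_t>;

// What the pre-fix check actually compared against. For an empty vector
// size() - 1 wraps to SIZE_MAX, so 'index > SIZE_MAX' can never be true.
size_t wrapped_upper_bound(const Amounts& arr) {
    return arr.size() - 1;
}

// Pre-fix predicate: "index is in bounds" as the old code understood it.
bool buggy_in_bounds(const Amounts& arr, size_t index) {
    return !(index > arr.size() - 1);
}

// Post-fix predicate, exactly as written in the patch.
bool fixed_in_bounds(const Amounts& arr, size_t index) {
    return !(arr.empty() || index >= arr.size());
}

// Equivalent minimal form (added here): for size_t, index >= size is
// already true for every index when size == 0, so empty() is redundant.
bool minimal_in_bounds(const Amounts& arr, size_t index) {
    return index < arr.size();
}

// Free-function mirror of the patched amount(): 0 for any out-of-range index.
uint64_t amount_checked(const Amounts& arr, size_t index) {
    if (index >= arr.size())
        return 0;
    return arr[index];
}

// How many indices in [0, probes) a predicate wrongly admits on an empty
// vector. A correct predicate returns 0; the buggy one admits all of them.
size_t false_accepts_on_empty(bool (*pred)(const Amounts&, size_t), size_t probes) {
    const Amounts empty;
    size_t admitted = 0;
    for (size_t i = 0; i < probes; ++i)
        if (pred(empty, i)) ++admitted;
    return admitted;
}

// Check that the patch's condition and the minimal one agree on a small
// non-empty vector for every probed index (in range and past the end).
bool fixed_matches_minimal(size_t probes) {
    const Amounts sample = {100, 250, 7};   // constructed sample amounts
    for (size_t i = 0; i < probes; ++i)
        if (fixed_in_bounds(sample, i) != minimal_in_bounds(sample, i))
            return false;
    return true;
}

int main() {
    const Amounts empty;
    std::printf("empty.size() - 1 == SIZE_MAX: %s\n",
                wrapped_upper_bound(empty) == SIZE_MAX ? "yes" : "no");
    std::printf("buggy check admits %zu of 1000 indices on an empty vector\n",
                false_accepts_on_empty(buggy_in_bounds, 1000));
    std::printf("fixed check admits %zu of 1000 indices on an empty vector\n",
                false_accepts_on_empty(fixed_in_bounds, 1000));
    std::printf("fixed and minimal forms agree: %s\n",
                fixed_matches_minimal(64) ? "yes" : "no");
    return 0;
}
```

`buggy_in_bounds` only evaluates the comparison and never dereferences, so the example itself is well defined; in the original `amount()` the same comparison guarded an `arr[index]` read, which is where the out-of-bounds access would have occurred.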