[SDK audit] Recommendation: Hex decoder silently ignores last character of an odd-length string

Electric-Coin-Company / zcash-android-wallet-sdk

Native Android SDK for Zcash

MIT License

5 stars 9 forks source link

[SDK audit] Recommendation: Hex decoder silently ignores last character of an odd-length string #1456

Open HonzaR opened 4 months ago

HonzaR commented 4 months ago

Is your feature request related to a problem? Please describe.

The following hex decoder in BlockExt.kt will silently ignore the last character in an odd-length hex string, because of the integer division len / 2. It should instead throw an exception for odd-length strings.

Electric-Coin-Company / zcash-android-wallet-sdk

[SDK audit] Recommendation: Hex decoder silently ignores last character of an odd-length string #1456

Is your feature request related to a problem? Please describe.

Describe the solution you'd like

Alternatives you've considered

Additional context