From 7897301b7179603a1bc74d7be9eff6ccc67398db Mon Sep 17 00:00:00 2001
From: Alex Beregszaszi <alex@rtfs.hu>
Date: Wed, 28 Feb 2018 10:44:48 +0100
Subject: Properly validate invalid hex characters in JSONIO libraries

---
 libsolidity/interface/StandardCompiler.cpp | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

(limited to 'libsolidity')

diff --git a/libsolidity/interface/StandardCompiler.cpp b/libsolidity/interface/StandardCompiler.cpp
index 6b113654..8c64c164 100644
--- a/libsolidity/interface/StandardCompiler.cpp
+++ b/libsolidity/interface/StandardCompiler.cpp
@@ -336,8 +336,20 @@ Json::Value StandardCompiler::compileInternal(Json::Value const& _input)
 		if (!jsonSourceName.isObject())
 			return formatFatalError("JSONError", "library entry is not a JSON object.");
 		for (auto const& library: jsonSourceName.getMemberNames())
-			// @TODO use libraries only for the given source
-			libraries[library] = h160(jsonSourceName[library].asString());
+		{
+			try
+			{
+				// @TODO use libraries only for the given source
+				libraries[library] = h160(jsonSourceName[library].asString());
+			}
+			catch (dev::BadHexCharacter)
+			{
+				return formatFatalError(
+					"JSONError",
+					"Invalid library address (\"" + jsonSourceName[library].asString() + "\") supplied."
+				);
+			}
+		}
 	}
 	m_compilerStack.setLibraries(libraries);
 
-- 
cgit