Skip to content

fix(enr): prevent RangeError crash on malformed ENR port values#333

Merged
wemeetagain merged 3 commits intoChainSafe:masterfrom
guha-rahul:fix
Mar 12, 2026
Merged

fix(enr): prevent RangeError crash on malformed ENR port values#333
wemeetagain merged 3 commits intoChainSafe:masterfrom
guha-rahul:fix

Conversation

@guha-rahul
Copy link
Contributor

@guha-rahul guha-rahul commented Mar 10, 2026

Problem

When a peer sends an ENR with a UDP/TCP/QUIC port value less than 2 bytes, getLocationMultiaddr() passes it directly to bytesToValue() which calls DataView.getUint16() internally, throwing an unhandled RangeError that crashes the process .

RangeError: Offset is outside the bounds of the DataView
    at DataView.prototype.getUint16 (<anonymous>)
    at Object.bytes2port [as bytesToValue] (@multiformats/multiaddr/src/utils.ts:25)
    at ENR.getLocationMultiaddr (@chainsafe/enr/src/enr.ts:347)

Solution

Add a protoVal.length < 2 guard alongside the existing !protoVal check for all three protocol branches (udp, tcp, quic) in getLocationMultiaddr().

@guha-rahul guha-rahul requested a review from a team as a code owner March 10, 2026 08:38
wemeetagain
wemeetagain reviewed Mar 10, 2026
View reviewed changes
wemeetagain
wemeetagain approved these changes Mar 12, 2026
View reviewed changes
Copy link
Member

@wemeetagain wemeetagain left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good

@wemeetagain wemeetagain merged commit 3ffc7c6 into ChainSafe:master Mar 12, 2026
5 checks passed
This was referenced Mar 16, 2026
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wemeetagain wemeetagain wemeetagain approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@guha-rahul @wemeetagain