From f22a45f4d6dec800c7ef743cc33d6549e8ab0418 Mon Sep 17 00:00:00 2001
From: Pieter Wuille <pieter.wuille@gmail.com>
Date: Fri, 3 May 2019 16:08:11 -0700
Subject: [PATCH 1/2] Do not construct out-of-bound pointers in
 SHA512/SHA1/RIPEMD160 code

---
 src/crypto/ripemd160.cpp | 2 +-
 src/crypto/sha1.cpp      | 2 +-
 src/crypto/sha512.cpp    | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/crypto/ripemd160.cpp b/src/crypto/ripemd160.cpp
index 77c9acfc26..05534652c4 100644
--- a/src/crypto/ripemd160.cpp
+++ b/src/crypto/ripemd160.cpp
@@ -256,7 +256,7 @@ CRIPEMD160& CRIPEMD160::Write(const unsigned char* data, size_t len)
         ripemd160::Transform(s, buf);
         bufsize = 0;
     }
-    while (end >= data + 64) {
+    while (end - data >= 64) {
         // Process full chunks directly from the source.
         ripemd160::Transform(s, data);
         bytes += 64;
diff --git a/src/crypto/sha1.cpp b/src/crypto/sha1.cpp
index 0b895b33a2..6dd8caede7 100644
--- a/src/crypto/sha1.cpp
+++ b/src/crypto/sha1.cpp
@@ -163,7 +163,7 @@ CSHA1& CSHA1::Write(const unsigned char* data, size_t len)
         sha1::Transform(s, buf);
         bufsize = 0;
     }
-    while (end >= data + 64) {
+    while (end - data >= 64) {
         // Process full chunks directly from the source.
         sha1::Transform(s, data);
         bytes += 64;
diff --git a/src/crypto/sha512.cpp b/src/crypto/sha512.cpp
index 564127cc31..5ec945252c 100644
--- a/src/crypto/sha512.cpp
+++ b/src/crypto/sha512.cpp
@@ -168,7 +168,7 @@ CSHA512& CSHA512::Write(const unsigned char* data, size_t len)
         sha512::Transform(s, buf);
         bufsize = 0;
     }
-    while (end >= data + 128) {
+    while (end - data >= 128) {
         // Process full chunks directly from the source.
         sha512::Transform(s, data);
         data += 128;

From bb7fdd4f4df29eedc0ee69eb2cd9ce423c07c7ea Mon Sep 17 00:00:00 2001
From: sproxet <me@sproxet.dev>
Date: Fri, 18 Nov 2022 11:14:26 +0700
Subject: [PATCH 2/2] Fix UB resulting from a bad pointer construction in
 CSHA256::Write.

---
 src/crypto/sha256.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/crypto/sha256.cpp b/src/crypto/sha256.cpp
index 5b9f00a0a2..d7d9380bb4 100644
--- a/src/crypto/sha256.cpp
+++ b/src/crypto/sha256.cpp
@@ -150,7 +150,7 @@ CSHA256& CSHA256::Write(const unsigned char* data, size_t len)
         sha256::Transform(s, buf);
         bufsize = 0;
     }
-    while (end >= data + 64) {
+    while (end - data >= 64) {
         // Process full chunks directly from the source.
         sha256::Transform(s, data);
         bytes += 64;