From 146d5c61f0ebedd2e63f7b0db8cca5941153fa82 Mon Sep 17 00:00:00 2001
From: El Nerdo <10955996+elnerd@users.noreply.github.com>
Date: Wed, 29 Apr 2026 00:35:14 +0200
Subject: [PATCH] 1-byte heap-OOB READ

1-byte heap-OOB READ in li_hex2bin when the input length is odd.
---
 src/buffer.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/buffer.c b/src/buffer.c
index bedf87a53..3554ee51e 100644
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -392,7 +392,7 @@ int li_hex2bin (unsigned char * const bin, const size_t binlen, const char * con
 {
 /* validate and transform 32-byte MD5 hex string to 16-byte binary MD5,
 * or 64-byte SHA-256 or SHA-512-256 hex string to 32-byte binary digest */
- if (len > (binlen << 1)) return -1;
+ if ((len & 1) || len > (binlen << 1)) return -1;
 for (int i = 0, ilen = (int)len; i < ilen; i+=2) {
 int hi = hexstr[i];
 int lo = hexstr[i+1];
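Review bot: The updated guard in li_hex2bin still accepts any even `len` below `binlen << 1`, including 0, so a short hex string passes the check while the loop can fill at most the first `len/2` bytes of `bin`. If callers then treat all `binlen` bytes as the digest (not visible here; the function body continues past the hunk), the tail of `bin` would hold whatever was there before, so either require the exact length where the digest size is fixed or confirm that every caller checks it. The block comment above the check no longer covers everything the condition rejects; I would add `/* odd len would make the loop read hexstr[i+1] one past the input */` beside the new test. A regression test that passes an odd-length string and expects -1 would keep this from coming back.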