From 472a01af6a5ca7458d22ae2623b11ebbcf36be2b Mon Sep 17 00:00:00 2001
From: fiatjaf <fiatjaf@gmail.com>
Date: Thu, 8 Jun 2023 10:33:15 -0300
Subject: [PATCH] fix infinite loop bug caused by malformed TLVs on nip19.

---
 nip19.ts     | 7 +++----
 package.json | 2 +-
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/nip19.ts b/nip19.ts
index be5379e..31e115d 100644
--- a/nip19.ts
+++ b/nip19.ts
@@ -69,9 +69,7 @@ export function decode(nip19: string): DecodeResult {
         data: {
           id: bytesToHex(tlv[0][0]),
           relays: tlv[1] ? tlv[1].map(d => utf8Decoder.decode(d)) : [],
-          author: tlv[2]?.[0]
-            ? bytesToHex(tlv[2][0])
-            : undefined
+          author: tlv[2]?.[0] ? bytesToHex(tlv[2][0]) : undefined
         }
       }
     }
@@ -123,9 +121,10 @@ function parseTLV(data: Uint8Array): TLV {
   while (rest.length > 0) {
     let t = rest[0]
     let l = rest[1]
+    if (!l) throw new Error(`malformed TLV ${t}`)
     let v = rest.slice(2, 2 + l)
     rest = rest.slice(2 + l)
-    if (v.length < l) continue
+    if (v.length < l) throw new Error(`not enough data to read on TLV ${t}`)
     result[t] = result[t] || []
     result[t].push(v)
   }
diff --git a/package.json b/package.json
index 770fbfc..79fc0c0 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "nostr-tools",
-  "version": "1.11.1",
+  "version": "1.11.2",
   "description": "Tools for making a Nostr client.",
   "repository": {
     "type": "git",