From 107c6a745c6cf7e7622ca7980a10b47e7eb7ac17 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 16 Apr 2026 23:28:52 +0000
Subject: [PATCH] Add empty vector check before xdr_get in
 HerderPersistenceImpl::getQuorumSet

Add a guard to check if the decoded quorum set bytes vector is empty
before constructing xdr_get with &vec.front()/&vec.back()+1. Without
this check, calling front()/back() on an empty vector is undefined
behavior in C++. If a corrupted database row contains an empty blob,
the code now throws a descriptive runtime_error instead of proceeding
with UB. This matches the existing pattern in LedgerHeaderUtils.cpp.

Agent-Logs-Url: https://github.com/stellar/stellar-core/sessions/5f91013f-7cd3-40f0-9039-c541ad3e93b2

Co-authored-by: marta-lokhova <9428003+marta-lokhova@users.noreply.github.com>
---
 src/herder/HerderPersistenceImpl.cpp | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/herder/HerderPersistenceImpl.cpp b/src/herder/HerderPersistenceImpl.cpp
index 62c56e457b..c77361507a 100644
--- a/src/herder/HerderPersistenceImpl.cpp
+++ b/src/herder/HerderPersistenceImpl.cpp
@@ -366,6 +366,12 @@ HerderPersistence::getQuorumSet(soci::session& sess, Hash const& qSetHash)
             std::vector<uint8_t> qSetBytes;
             decoder::decode_b64(qset64, qSetBytes);
 
+            if (qSetBytes.empty())
+            {
+                throw std::runtime_error(
+                    "corrupt database: empty quorum set blob");
+            }
+
             xdr::xdr_get g1(&qSetBytes.front(), &qSetBytes.back() + 1);
             xdr_argpack_archive(g1, qset);