fix: Out-of-bounds read on zero-length int8 EIP-712 fields during display formatting

[Donjon-Cerberus]

Summary

Automated security fix for Out-of-bounds read on zero-length int8 EIP-712 fields during display formatting (High).

CWE: CWE-CWE-125
OWASP: A03:2021-Injection
Fix Confidence: high

What Changed

Added strict length validation for signed integer display formatting in ui_712_format_int(). Zero-length signed integers are now rejected before any formatting work, and the int8 branch now requires exactly one byte before dereferencing data[0], eliminating the out-of-bounds read.

Caveats

• This fix hardens the UI formatting path directly; it does not add an earlier rejection in field_hash.c, though malformed zero-length signed integers are now rejected before any display formatting occurs.

Verification Checklist

• Review the code change
• Run tests to verify no regression
• Verify the vulnerability is addressed — already verified by Cerberus Sentinel

---

Created by Cerberus Merlin

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 55.02%. Comparing base (d0275cf) to head (f8420a9).

Additional details and impacted files

@@           Coverage Diff            @@
##           develop     #980   +/-   ##
========================================
  Coverage    55.02%   55.02%           
========================================
  Files           16       16           
  Lines         1592     1592           
  Branches       198      201    +3     
========================================
  Hits           876      876           
- Misses         680      712   +32     
+ Partials        36        4   -32     

Flag	Coverage Δ
unittests	55.02% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.