When fuzzing the base58 functions I noticed that DecodeBase58(const std::string& str, …) is perhaps a bit too liberal in what input it accepts when decoding.

I naïvely assumed that DecodeBase58(const std::string& str, …) would return false when passing it a str which contains at least one character that is not any of the base58 characters (all alphanumeric characters except for "0", "I", "O", and "l") or the whitespace characters.

That is not the case:

• str contains good → DecodeBase58(const std::string& str, …) == true (as expected)
• str contains bad0IOl → DecodeBase58(const std::string& str, …) == false (as expected)
• str contains good\x00bad0IOl → DecodeBase58(const std::string& str, …) == true(!)

The reason is that DecodeBase58(const std::string& str, …) calls DecodeBase58(const char* psz, …) which will only consider the string up to the first \x00.