Skip to content

Avoid heap out-of-bounds read in Node::CalcOps (test case: OP_0 OP_2 OP_EQUAL) and assertion failure in ComputeType (test case: OP_0 OP_0 OP_EQUAL) #57

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
sipa merged 2 commits into from
Aug 19, 2021
Merged

Avoid heap out-of-bounds read in Node::CalcOps (test case: OP_0 OP_2 OP_EQUAL) and assertion failure in ComputeType (test case: OP_0 OP_0 OP_EQUAL) #57

sipa merged 2 commits into from
Aug 19, 2021

Conversation

@sanket1729
Copy link
Contributor

@sanket1729 sanket1729 commented Jul 21, 2021

Closes #12.

Closes #13.

Supercedes #18

darosior
darosior reviewed Jul 23, 2021
View reviewed changes
bitcoin/script/miniscript.h Outdated
next_sats.push_back(sats[sats.size() - 1] + sub->ops.sat);
sats = std::move(next_sats);
}
assert(k < sats.size());
Copy link
Contributor

@darosior darosior Jul 23, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In c303afd, all the assertions should be k <= sats.size() instead of k < sats.size() as it's now possible and that's what you are checking for in the previous commit.

Copy link
Contributor Author

@sanket1729 sanket1729 Jul 23, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Indeed. I should have been more careful here!

Copy link
Contributor

@darosior darosior Aug 1, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And i should have had tests to my PR updating the thresh bounds :) #59 fixes this.

@practicalswift practicalswift mentioned this pull request Jul 24, 2021
Closed
darosior
darosior approved these changes Aug 1, 2021
View reviewed changes
Copy link
Contributor

@darosior darosior left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK bc1f2c7 modulo the silent int64 -> unsigned cast.

Here is a test exercising the two fixes: darosior@24a9e0b

practicalswift and others added 2 commits August 4, 2021 17:49
@practicalswift @sanket1729
Avoid heap out-of-bounds read in Node::CalcOps (test case: OP_0 OP_2 …
0d43166 
…OP_EQUAL) and assertion failure in ComputeType (test case: OP_0 OP_0 OP_EQUAL)

Closes sipa#12.

Closes sipa#13.

Co-authored-by: sanket1729 <[email protected]>
@sanket1729 @practicalswift
Add assertions: Raise assertion failure instead of doing an out-of-bo…
a47dcc6 
…unds read in case of k > sats.size()

Co-authored-by: practicalswift <[email protected]>
darosior
darosior approved these changes Aug 5, 2021
View reviewed changes
Copy link
Contributor

@darosior darosior left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK a47dcc6

meshcollider
meshcollider reviewed Aug 18, 2021
View reviewed changes
Copy link
Contributor

@meshcollider meshcollider left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

utACK a47dcc6

@sipa
Copy link
Owner

sipa commented Aug 19, 2021

utACK a47dcc6

@sipa sipa merged commit 30a44f8 into sipa:master Aug 19, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@meshcollider meshcollider meshcollider left review comments

@darosior darosior darosior approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

5 participants

@sanket1729 @sipa @meshcollider @darosior @practicalswift