You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The function verifyPreRuntimeDigest() which verifies a digest message received from the network. It ensure the authority ID received in the message is in the current authority list by checking the ID is less than the length.
An issue arises on 32-bit operating systems where int is a 32 bit signed integer. Casting a uint32 which is larger than 2^31 will result in a negative int . A negative number will not trigger the conditional statement in verifyPreRuntimeDigest(). The function will continue to execute and later use authIdx as an index to the b.authorities list which will panic due to an Index Out Of Bounds error.
Consider modifying the conditional statement in verifyPreRuntimeDigest() to include negative numbers.
The text was updated successfully, but these errors were encountered:
The function
verifyPreRuntimeDigest()
which verifies a digest message received from the network. It ensure the authority ID received in the message is in the current authority list by checking the ID is less than the length.An issue arises on 32-bit operating systems where
int
is a 32 bit signed integer. Casting auint32
which is larger than 2^31 will result in a negativeint
. A negative number will not trigger the conditional statement inverifyPreRuntimeDigest()
. The function will continue to execute and later useauthIdx
as an index to theb.authorities
list which will panic due to an Index Out Of Bounds error.Consider modifying the conditional statement in
verifyPreRuntimeDigest()
to include negative numbers.The text was updated successfully, but these errors were encountered: