You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The GetHeaderV1 method is crashing when nil parameter is provided as the blockHash value
Description
I was reading the code and testing the project when I realized that the GetHeaderV1 method takes a pointer as parameter, the blockHash.
Here is the original function code :
// GetHeaderV1 TODOfunc (m*BoostService) GetHeaderV1(ctx context.Context, blockHash*string) (*GetHeaderResponse, error) {
method:="builder_getHeaderV1"logMethod:=m.log.WithField("method", method)
iflen(*blockHash) !=66 {
returnnil, fmt.Errorf("invalid block hash: %s", *blockHash)
}
// The rest of the function
}
Dereferencing the pointer without pre-verification of its content (here a non-nil check) causes the method call to crash when providing a nil value for the blockHash parameter.
I know that the function is executed in a goroutine, but still, I think it impacts stability.
Your environment
OS and version: macOS Monterey v12.3.1
branch/commit hash that causes this issue: 1108378
Steps to reproduce
How to reproduce this issue ?
As written in the project's README, I built mev-boost using the following command :
make build
And executed the binary using (don't mind the port, the default one was used by another program):
./mev-boost -port 8080
Then, in a new terminal, I ran the following curl command :
curl -X POST http://127.0.0.1:8080/ -H 'Content-Type: application/json' --data '{"jsonrpc":"2.0","method":"builder_getHeaderV1","params":[],"id":1}'
To confirm the behaviour, I also wrote the following test before patching the function :
A verification should be made before dereferencing the pointer to blockHash, and return an error if no such value has been provided.
I have created a PR for this in #101.
The text was updated successfully, but these errors were encountered:
The GetHeaderV1 method is crashing when nil parameter is provided as the
blockHash
valueDescription
I was reading the code and testing the project when I realized that the
GetHeaderV1
method takes a pointer as parameter, theblockHash
.Here is the original function code :
Dereferencing the pointer without pre-verification of its content (here a non-nil check) causes the method call to crash when providing a nil value for the
blockHash
parameter.I know that the function is executed in a goroutine, but still, I think it impacts stability.
Your environment
Steps to reproduce
As written in the project's README, I built mev-boost using the following command :
And executed the binary using (don't mind the port, the default one was used by another program):
Then, in a new terminal, I ran the following curl command :
To confirm the behaviour, I also wrote the following test before patching the function :
And both of them lead to a goroutine crash.
As mentionned in the description, the issue is caused by dereferencing a nil pointer.
Expected behaviour
The server should reject my invalid request with an error message (I suppose ?).
Actual behaviour
The goroutine handling the request crashed. Check out the logs for more info.
Logs
With the CURL command :
While running the test :
Proposed solution
A verification should be made before dereferencing the pointer to
blockHash
, and return an error if no such value has been provided.I have created a PR for this in #101.
The text was updated successfully, but these errors were encountered: