Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Avoid heap out-of-bounds read in Node::CalcOps (test case: OP_0 OP_2 OP_EQUAL) and assertion failure in ComputeType (test case: OP_0 OP_0 OP_EQUAL) #57

Merged
merged 2 commits into from
Aug 19, 2021
Merged

Avoid heap out-of-bounds read in Node::CalcOps (test case: OP_0 OP_2 OP_EQUAL) and assertion failure in ComputeType (test case: OP_0 OP_0 OP_EQUAL) #57

merged 2 commits into from
Aug 19, 2021

Conversation

sanket1729
Copy link
Contributor

Closes #12.

Closes #13.

Supercedes #18

darosior
darosior reviewed Jul 23, 2021
View reviewed changes
bitcoin/script/miniscript.h Outdated
@@ -519,6 +519,7 @@ struct Node {
next_sats.push_back(sats[sats.size() - 1] + sub->ops.sat);
sats = std::move(next_sats);
}
assert(k < sats.size());
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In c303afd, all the assertions should be k <= sats.size() instead of k < sats.size() as it's now possible and that's what you are checking for in the previous commit.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Indeed. I should have been more careful here!

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And i should have had tests to my PR updating the thresh bounds :) #59 fixes this.

@practicalswift practicalswift mentioned this pull request Jul 24, 2021
Closed
darosior
darosior approved these changes Aug 1, 2021
View reviewed changes
Copy link
Contributor

@darosior darosior left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK bc1f2c7 modulo the silent int64 -> unsigned cast.

Here is a test exercising the two fixes: darosior@24a9e0b

bitcoin/script/miniscript.h Outdated Show resolved Hide resolved
practicalswift and others added 2 commits August 4, 2021 17:49
@practicalswift @sanket1729
Avoid heap out-of-bounds read in Node::CalcOps (test case: OP_0 OP_2 …
0d43166 
…OP_EQUAL) and assertion failure in ComputeType (test case: OP_0 OP_0 OP_EQUAL)

Closes sipa#12.

Closes sipa#13.

Co-authored-by: sanket1729 <sanket1729@gmail.com>
@sanket1729 @practicalswift
Add assertions: Raise assertion failure instead of doing an out-of-bo…
a47dcc6 
…unds read in case of k > sats.size()

Co-authored-by: practicalswift <practicalswift@users.noreply.github.com>
darosior
darosior approved these changes Aug 5, 2021
View reviewed changes
Copy link
Contributor

@darosior darosior left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK a47dcc6

meshcollider
meshcollider reviewed Aug 18, 2021
View reviewed changes
Copy link
Contributor

@meshcollider meshcollider left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

utACK a47dcc6

@sipa
Copy link
Owner

sipa commented Aug 19, 2021

utACK a47dcc6

@sipa sipa merged commit 30a44f8 into sipa:master Aug 19, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@meshcollider meshcollider meshcollider left review comments

@darosior darosior darosior approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
5 participants
@sanket1729 @sipa @meshcollider @darosior @practicalswift