You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There is a bug in go-xdr (I wasn't able to create an issue there) when trying to unmarshal variable-length array without specified size. Take a look at this union:
Bytes marked with ^ represent the size of an array, which should be 1 since it contains only one address, but it has been changed to some very large number. As a result go-xdr is trying to allocate a large chunk of memory for the array that in reality is really small. Here's a little proof-of-concept:
A fix should check if the number of remaining bytes is less than or equal the specified size before allocating memory (you can check how it's works in xdrpp).
The text was updated successfully, but these errors were encountered:
There is a bug in go-xdr (I wasn't able to create an issue there) when trying to unmarshal variable-length array without specified size. Take a look at this union:
We can create a special
StellarMessage
that looks like:Bytes marked with
^
represent the size of an array, which should be1
since it contains only one address, but it has been changed to some very large number. As a result go-xdr is trying to allocate a large chunk of memory for the array that in reality is really small. Here's a little proof-of-concept:A fix should check if the number of remaining bytes is less than or equal the specified size before allocating memory (you can check how it's works in xdrpp).
The text was updated successfully, but these errors were encountered: