[backport #658] Check for overflow in Script::bytes_to_asm_fmt() #661
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This adds an overflow check in `Script::bytes_to_asm_fmt()` motivated by `electrs` issue. While it was not tested yet, I'm very confident that overflow is the cause of panic there and even if not it can cause panic becuase the public function takes unvalidated byte array and reads `data_len` from it. The `electrs` issue: romanz/electrs#490
This adds a test case for script formatting which caused overflow in the past and a few others from the same "interesting" transaction. Note that to trigger the bug one has to run the test on 32 bit architecture.
|
Many thanks! |
|
Thanks from me as well! |
|
FYI we will probably do another point release in the next couple days to more thoroughly kill this bug (i.e. we'll add some i686 fuzztests for these functions and find the other overflows) |
|
Great! Shame I couldn't get #662 to work with |
ChallengeDev210
pushed a commit
to ChallengeDev210/rust-bitcoin
that referenced
this pull request
Aug 1, 2022
…ow in Script::bytes_to_asm_fmt() 6c3434c bump version to 0.27.1 (Andrew Poelstra) 8a529e6 Added test for the overflow bug and few others (Martin Habovstiak) 78b152e Check for overflow in Script::bytes_to_asm_fmt() (Martin Habovstiak) Pull request description: Backport of #658 ACKs for top commit: apoelstra: ACK 6c3434c sanket1729: ACK 6c3434c. Same as #658 which I ACKed Tree-SHA512: ad9e02e2c748467b351039c3ab7f23b9902507cfa45d7d1084bfbaaad1ff7a1f22327b7311849f18a1a03dfd354a9424a74b125a2f412b9f6f678979a037df0a
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backport of #658