diff --git a/pkg/vm/context.go b/pkg/vm/context.go index 1e7ac9d1a..67dc7f1fb 100644 --- a/pkg/vm/context.go +++ b/pkg/vm/context.go @@ -59,6 +59,9 @@ func (c *Context) Next() (Instruction, []byte, error) { case PUSHDATA4: var n uint32 r.ReadLE(&n) + if n > MaxItemSize { + return instr, nil, errors.New("parameter is too big") + } numtoread = int(n) c.nextip += 4 case JMP, JMPIF, JMPIFNOT, CALL: diff --git a/pkg/vm/vm_test.go b/pkg/vm/vm_test.go index dea4a421f..7b870a733 100644 --- a/pkg/vm/vm_test.go +++ b/pkg/vm/vm_test.go @@ -2,6 +2,7 @@ package vm import ( "bytes" + "encoding/binary" "encoding/hex" "math/big" "math/rand" @@ -175,6 +176,16 @@ func TestPushData4ShortN(t *testing.T) { assert.Equal(t, true, vm.HasFailed()) } +func TestPushData4BigN(t *testing.T) { + prog := make([]byte, 1+4+MaxItemSize+1) + prog[0] = byte(PUSHDATA4) + binary.LittleEndian.PutUint32(prog[1:], MaxItemSize+1) + + vm := load(prog) + vm.Run() + assert.Equal(t, true, vm.HasFailed()) +} + func TestPushData4Good(t *testing.T) { prog := makeProgram(PUSHDATA4, 3, 0, 0, 0, 1, 2, 3) vm := load(prog)