From 8311bda355ae300e0dd5c3d0386520e515888feb Mon Sep 17 00:00:00 2001 From: Roman Khimov Date: Wed, 11 Sep 2019 12:03:43 +0300 Subject: [PATCH] vm: harden LEFT and RIGHT implementations against negative indexes --- pkg/vm/vm.go | 6 ++++++ pkg/vm/vm_test.go | 18 ++++++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/pkg/vm/vm.go b/pkg/vm/vm.go index e20f0cedd..d2638f740 100644 --- a/pkg/vm/vm.go +++ b/pkg/vm/vm.go @@ -332,6 +332,9 @@ func (v *VM) execute(ctx *Context, op Instruction) { v.estack.PushVal(s[o : o+l]) case LEFT: l := int(v.estack.Pop().BigInt().Int64()) + if l < 0 { + panic("negative length") + } s := v.estack.Pop().Bytes() if t := len(s); l > t { l = t @@ -339,6 +342,9 @@ func (v *VM) execute(ctx *Context, op Instruction) { v.estack.PushVal(s[:l]) case RIGHT: l := int(v.estack.Pop().BigInt().Int64()) + if l < 0 { + panic("negative length") + } s := v.estack.Pop().Bytes() v.estack.PushVal(s[len(s)-l:]) case XDROP: diff --git a/pkg/vm/vm_test.go b/pkg/vm/vm_test.go index ed36f27fd..a75d78b50 100644 --- a/pkg/vm/vm_test.go +++ b/pkg/vm/vm_test.go @@ -925,6 +925,15 @@ func TestLEFTBadNoString(t *testing.T) { assert.Equal(t, true, vm.state.HasFlag(faultState)) } +func TestLEFTBadNegativeLen(t *testing.T) { + prog := makeProgram(LEFT) + vm := load(prog) + vm.estack.PushVal([]byte("abcdef")) + vm.estack.PushVal(-1) + vm.Run() + assert.Equal(t, true, vm.state.HasFlag(faultState)) +} + func TestLEFTGood(t *testing.T) { prog := makeProgram(LEFT) vm := load(prog) @@ -962,6 +971,15 @@ func TestRIGHTBadNoString(t *testing.T) { assert.Equal(t, true, vm.state.HasFlag(faultState)) } +func TestRIGHTBadNegativeLen(t *testing.T) { + prog := makeProgram(RIGHT) + vm := load(prog) + vm.estack.PushVal([]byte("abcdef")) + vm.estack.PushVal(-1) + vm.Run() + assert.Equal(t, true, vm.state.HasFlag(faultState)) +} + func TestRIGHTGood(t *testing.T) { prog := makeProgram(RIGHT) vm := load(prog)