gaspersic/go-ethereum
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

rlp: fix list bounds check overflow (found by go-fuzz)

Browse Source 
The list size checking overflowed if the size information
for a value was bigger than the list. This is resolved by
always performing the check before reading.
This commit is contained in:
Felix Lange
2015-04-28 10:28:15 +02:00
parent b6ec1c720f
commit dd49c8e43d
2 changed files with 40 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
rlp/decode_test.go
View File

@ -119,6 +119,10 @@ func TestStreamErrors(t *testing.T) {
{"8158", calls{"Uint", "Uint"}, nil, io.EOF},
{"C0", calls{"List", "ListEnd", "List"}, nil, io.EOF},
{"", calls{"List"}, withoutInputLimit, io.EOF},
{"8158", calls{"Uint", "Uint"}, withoutInputLimit, io.EOF},
{"C0", calls{"List", "ListEnd", "List"}, withoutInputLimit, io.EOF},
// Input limit errors.
{"81", calls{"Bytes"}, nil, ErrValueTooLarge},
{"81", calls{"Uint"}, nil, ErrValueTooLarge},
@ -426,6 +430,13 @@ var decodeTests = []decodeTest{
ptr: new([]io.Reader),
error: "rlp: type io.Reader is not RLP-serializable",
},
// fuzzer crashes
{
input: "c330f9c030f93030ce3030303030303030bd303030303030",
ptr: new(interface{}),
error: "rlp: element is larger than containing list",
},
}
func uintp(i uint) *uint { return &i }