blockchain: Implement stricter bounds checking. #1825
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…nd journal decoding.
davecgh
requested changes
Aug 13, 2019
There was a problem hiding this comment.
Very nice job on this! I only spotted one potential issue and left an inline comment.
In addition to thoroughly reviewing the changes to the code itself, I also manually went through all of the newly added tests to verify they lined up with the comments and were hitting the expected error paths.
davecgh
changed the title
davecgh
approved these changes
Aug 14, 2019
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This updates the deserialization logic underneath the decodeSpentTxOut function to be more robust, including the addition of explicit bounds checks to prevent panics. In at least one case (txVersion parsing), existing bounds checks were incorrect (e.g., testing for impossible conditions).
A minor rearrangement was also done to eliminate one call to the decodeFlagsFullySpent helper.
Although empty scripts are permitted, decodeCompressedTxOut was missing logic to ensure the script version field actually exists (defaulting to 0x00 only via Golang variable initialization).
To support these changes, the TestStxoDecodeErrors test suite was updated to more closely match the updated logic, and to add new tests for error conditions.
According to "go test -coverprofile", coverage for chainio.go increased from 84.0% to 84.4%.