Skip to content

Commit

Permalink
added a check for int overflows in ReadByteArray (#219)
Browse files Browse the repository at this point in the history 
* check for int overflow in ReadByteArray()

* add changelog
  • Loading branch information
@fschoell
fschoell authored Oct 29, 2024
1 parent 54ee017 commit 0144538
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 0 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

### Unreleased

* Added a check for int overflows in `ReadByteArray`
* Changed valueToInt, valueToUint, valueToFload function in abiencode.go for compatible with double quoted string to number.
* Changed `NewAssetFromString` validation to allow parsing of empty assets
* Added `action_trace_v1` field
Expand Down
4 changes: 4 additions & 0 deletions decoder.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -631,6 +631,10 @@ func (d *Decoder) ReadByteArray() (out []byte, err error) {
return nil, err
}

if l > math.MaxInt || d.pos > math.MaxInt-int(l) {
return nil, errors.New("byte array: varlen is overflowing int")
}

if len(d.data) < d.pos+int(l) {
return nil, fmt.Errorf("byte array: varlen=%d, missing %d bytes", l, d.pos+int(l)-len(d.data))
}
Expand Down

0 comments on commit 0144538

Please sign in to comment.