From c89b8164377123eb20476636f2f5271c6a687406 Mon Sep 17 00:00:00 2001 From: "Tobin C. Harding" Date: Mon, 28 Oct 2024 08:09:41 +1100 Subject: [PATCH] psbt: Fix bug in Subtype consensus_encode In #2906 we switched from using a `u8` for type keys to using a `u64` and encoding as a compact int (inline with the spec). Note that a `u8` encodes to the same bytes as a `u64` when the value is < 252. In that patch, I introduced a bug because the length returned by `PoprietaryKey::consensus_encode` uses a hard code 1 for the length of the encoding (because of single byte) instead of the variable length for the new compact encoding. Bug showed up in fuzzing, and was isolated by Jamil - mad props. --- bitcoin/src/psbt/raw.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bitcoin/src/psbt/raw.rs b/bitcoin/src/psbt/raw.rs index 110624b58..fb49001d9 100644 --- a/bitcoin/src/psbt/raw.rs +++ b/bitcoin/src/psbt/raw.rs @@ -143,8 +143,8 @@ where Subtype: Copy + From + Into, { fn consensus_encode(&self, w: &mut W) -> Result { - let mut len = self.prefix.consensus_encode(w)? + 1; - w.emit_compact_size(self.subtype.into())?; + let mut len = self.prefix.consensus_encode(w)?; + len += w.emit_compact_size(self.subtype.into())?; w.write_all(&self.key)?; len += self.key.len(); Ok(len)