Check for overflow in Script::bytes_to_asm_fmt()

This adds an overflow check in `Script::bytes_to_asm_fmt()` motivated by `electrs` issue. While it was not tested yet, I'm very confident that overflow is the cause of panic there and even if not it can cause panic becuase the public function takes unvalidated byte array and reads `data_len` from it. The `electrs` issue: https://github.com/romanz/electrs/issues/490
2021-09-19 13:17:53 +02:00 · 2021-09-19 13:17:53 +02:00 · a0e1d2e706
parent 65d8bda73b
commit a0e1d2e706
1 changed files with 10 additions and 7 deletions
--- a/src/blockdata/script.rs
+++ b/src/blockdata/script.rs
@ -529,14 +529,17 @@ impl Script {
            // Write any pushdata
            if data_len > 0 {
                f.write_str(" ")?;
-                if index + data_len <= script.len() {
-                    for ch in &script[index..index + data_len] {
+                match index.checked_add(data_len) {
+                    Some(end) if end <= script.len() => {
+                        for ch in &script[index..end] {
                            write!(f, "{:02x}", ch)?;
-                    }
-                    index += data_len;
-                } else {
-                    f.write_str("<push past end>")?;
-                    break;
+                        }
+                        index = end;
+                    },
+                    _ => {
+                        f.write_str("<push past end>")?;
+                        break;
+                    },
                }
            }
        }