Check for overflow in Script::bytes_to_asm_fmt()
This adds an overflow check in `Script::bytes_to_asm_fmt()` motivated by `electrs` issue. While it was not tested yet, I'm very confident that overflow is the cause of panic there and even if not it can cause panic becuase the public function takes unvalidated byte array and reads `data_len` from it. The `electrs` issue: https://github.com/romanz/electrs/issues/490
This commit is contained in:
parent
65d8bda73b
commit
a0e1d2e706
|
@ -529,14 +529,17 @@ impl Script {
|
||||||
// Write any pushdata
|
// Write any pushdata
|
||||||
if data_len > 0 {
|
if data_len > 0 {
|
||||||
f.write_str(" ")?;
|
f.write_str(" ")?;
|
||||||
if index + data_len <= script.len() {
|
match index.checked_add(data_len) {
|
||||||
for ch in &script[index..index + data_len] {
|
Some(end) if end <= script.len() => {
|
||||||
|
for ch in &script[index..end] {
|
||||||
write!(f, "{:02x}", ch)?;
|
write!(f, "{:02x}", ch)?;
|
||||||
}
|
}
|
||||||
index += data_len;
|
index = end;
|
||||||
} else {
|
},
|
||||||
|
_ => {
|
||||||
f.write_str("<push past end>")?;
|
f.write_str("<push past end>")?;
|
||||||
break;
|
break;
|
||||||
|
},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue