Check for overflow in Script::bytes_to_asm_fmt()

This adds an overflow check in `Script::bytes_to_asm_fmt()` motivated by
an `electrs` issue. While it has not been tested yet, I'm very confident that
overflow is the cause of the panic there, and even if not, it can cause a panic
because the public function takes an unvalidated byte array and reads
`data_len` from it.

The `electrs` issue: https://github.com/romanz/electrs/issues/490
Martin Habovstiak 2021-09-19 13:17:53 +02:00
parent 65d8bda73b
commit a0e1d2e706
1 changed files with 10 additions and 7 deletions


@ -529,14 +529,17 @@ impl Script {
// Write any pushdata // Write any pushdata
if data_len > 0 { if data_len > 0 {
f.write_str(" ")?; f.write_str(" ")?;
if index + data_len <= script.len() { match index.checked_add(data_len) {
for ch in &script[index..index + data_len] { Some(end) if end <= script.len() => {
for ch in &script[index..end] {
write!(f, "{:02x}", ch)?; write!(f, "{:02x}", ch)?;
} }
index += data_len; index = end;
} else { },
f.write_str("<push past end>")?; _ => {
break; f.write_str("<push past end>")?;
break;
},
} }
} }
} }
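Review bot: No regression test accompanies the new `checked_add` branch, and the description itself says the change has not been tested, so nothing pins the `<push past end>` outcome for an overflowing length. A unit test that formats a script whose push opcode declares a length large enough for `index + data_len` to exceed `usize::MAX` and asserts that the output ends in `<push past end>` would cover it. That case is presumably only reachable on targets with a 32-bit `usize`, since the length decoding is outside this hunk, so the test may need a `#[cfg(target_pointer_width = "32")]` variant or a CI job on such a target. A short comment above the `match` would also help the next reader, for example `// data_len is read from unvalidated script bytes; index + data_len can overflow usize, which would panic (debug) or wrap and panic on the slice (release)`. The enclosing function starts and ends outside the hunk, so the other uses of `index` could not be checked here.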