Skip to content

[backport #658] Check for overflow in Script::bytes_to_asm_fmt()#661

Merged
apoelstra merged 3 commits intorust-bitcoin:rust-bitcoin-0.27from
apoelstra:2021-09--backport-658
Sep 20, 2021
Merged

[backport #658] Check for overflow in Script::bytes_to_asm_fmt()#661
apoelstra merged 3 commits intorust-bitcoin:rust-bitcoin-0.27from
apoelstra:2021-09--backport-658

Conversation

@apoelstra
Copy link
Copy Markdown
Member

@apoelstra apoelstra commented Sep 20, 2021

Backport of #658

Kixunil and others added 3 commits September 20, 2021 14:08
@Kixunil @apoelstra
Check for overflow in Script::bytes_to_asm_fmt()
78b152e 
This adds an overflow check in `Script::bytes_to_asm_fmt()` motivated by
`electrs` issue. While it was not tested yet, I'm very confident that
overflow is the cause of panic there and even if not it can cause panic
becuase the public function takes unvalidated byte array and reads
`data_len` from it.

The `electrs` issue: romanz/electrs#490
@Kixunil @apoelstra
Added test for the overflow bug and few others
8a529e6 
This adds a test case for script formatting which caused overflow in the
past and a few others from the same "interesting" transaction. Note that
to trigger the bug one has to run the test on 32 bit architecture.
@apoelstra
bump version to 0.27.1
6c3434c
sanket1729
sanket1729 approved these changes Sep 20, 2021
View reviewed changes
Copy link
Copy Markdown
Member

@sanket1729 sanket1729 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK 6c3434c. Same as #658 which I ACKed

@apoelstra
Copy link
Copy Markdown
Member Author

apoelstra commented Sep 20, 2021

You can confirm the commits have identical diffs using git range-diff. So I am also claiming that my ACK from #658 applies here.

ACK 6c3434c

@apoelstra apoelstra merged commit 0e848ed into rust-bitcoin:rust-bitcoin-0.27 Sep 20, 2021
@apoelstra apoelstra deleted the 2021-09--backport-658 branch September 20, 2021 14:26
@romanz
Copy link
Copy Markdown
Contributor

romanz commented Sep 20, 2021

Many thanks!

@Kixunil
Copy link
Copy Markdown
Collaborator

Kixunil commented Sep 20, 2021

Thanks from me as well!

@apoelstra
Copy link
Copy Markdown
Member Author

apoelstra commented Sep 20, 2021

FYI we will probably do another point release in the next couple days to more thoroughly kill this bug (i.e. we'll add some i686 fuzztests for these functions and find the other overflows)

@Kixunil
Copy link
Copy Markdown
Collaborator

Kixunil commented Sep 20, 2021

Great! Shame I couldn't get #662 to work with no-panic then fuzz tests wouldn't be needed.

@dr-orlovsky dr-orlovsky added this to the 0.28.0 milestone Sep 25, 2021
ChallengeDev210 pushed a commit to ChallengeDev210/rust-bitcoin that referenced this pull request Aug 1, 2022
@apoelstra
Merge rust-bitcoin/rust-bitcoin#661: [backport #658] Check for overfl…
e73595c 
…ow in Script::bytes_to_asm_fmt()

6c3434c bump version to 0.27.1 (Andrew Poelstra)
8a529e6 Added test for the overflow bug and few others (Martin Habovstiak)
78b152e Check for overflow in Script::bytes_to_asm_fmt() (Martin Habovstiak)

Pull request description:

  Backport of #658

ACKs for top commit:
  apoelstra:
    ACK 6c3434c
  sanket1729:
    ACK 6c3434c. Same as #658 which I ACKed

Tree-SHA512: ad9e02e2c748467b351039c3ab7f23b9902507cfa45d7d1084bfbaaad1ff7a1f22327b7311849f18a1a03dfd354a9424a74b125a2f412b9f6f678979a037df0a
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sanket1729 sanket1729 sanket1729 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

0.28.0

Development

Successfully merging this pull request may close these issues.

5 participants

@apoelstra @romanz @Kixunil @sanket1729 @dr-orlovsky