Skip to content

Commit

Permalink
validate buffer length prior to calling Uint64 (#1588)
Browse files Browse the repository at this point in the history
  • Loading branch information
@tsachiherman
tsachiherman authored Oct 1, 2024
1 parent c24f0d8 commit 165a455
Show file tree
Hide file tree
Showing 6 changed files with 33 additions and 10 deletions.
17 changes: 14 additions & 3 deletions chain/block.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ import (
"fmt"
"time"

"github.com/ava-labs/avalanchego/database"
"github.com/ava-labs/avalanchego/ids"
"github.com/ava-labs/avalanchego/snow/consensus/snowman"
"github.com/ava-labs/avalanchego/snow/engine/snowman/block"
Expand Down Expand Up @@ -426,7 +427,10 @@ func (b *StatefulBlock) innerVerify(ctx context.Context, vctx VerifyContext) err
if err != nil {
return err
}
parentHeight := binary.BigEndian.Uint64(parentHeightRaw)
parentHeight, err := database.ParseUInt64(parentHeightRaw)
if err != nil {
return err
}
if b.Hght != parentHeight+1 {
return ErrInvalidBlockHeight
}
Expand All @@ -440,7 +444,11 @@ func (b *StatefulBlock) innerVerify(ctx context.Context, vctx VerifyContext) err
if err != nil {
return err
}
parentTimestamp := int64(binary.BigEndian.Uint64(parentTimestampRaw))
parentTimestampUint64, err := database.ParseUInt64(parentTimestampRaw)
if err != nil {
return err
}
parentTimestamp := int64(parentTimestampUint64)
if b.Tmstmp < parentTimestamp+r.GetMinBlockGap() {
return ErrTimestampTooEarly
}
Expand Down Expand Up @@ -731,7 +739,10 @@ func (b *StatefulBlock) View(ctx context.Context, verify bool) (state.View, erro
if err != nil {
return nil, err
}
acceptedHeight := binary.BigEndian.Uint64(acceptedHeightRaw)
acceptedHeight, err := database.ParseUInt64(acceptedHeightRaw)
if err != nil {
return nil, err
}
if acceptedHeight == b.Hght {
b.vm.Logger().Info("accepted block not processed but found post-execution state on-disk",
zap.Uint64("height", b.Hght),
Expand Down
6 changes: 5 additions & 1 deletion docs/tutorials/morpheusvm/morpheusvm.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -332,7 +332,11 @@ func innerGetBalance(
if err != nil {
return 0, false, err
}
return binary.BigEndian.Uint64(v), true, nil
val, err := database.ParseUInt64(v)
if err != nil {
return 0, false, err
}
return val, true, nil
}
```

Expand Down
6 changes: 5 additions & 1 deletion examples/morpheusvm/storage/storage.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -96,7 +96,11 @@ func innerGetBalance(
if err != nil {
return 0, false, err
}
return binary.BigEndian.Uint64(v), true, nil
val, err := database.ParseUInt64(v)
if err != nil {
return 0, false, err
}
return val, true, nil
}

func SetBalance(
Expand Down
6 changes: 5 additions & 1 deletion examples/vmwithcontracts/storage/storage.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -105,7 +105,11 @@ func innerGetBalance(
if err != nil {
return 0, false, err
}
return binary.BigEndian.Uint64(v), true, nil
val, err := database.ParseUInt64(v)
if err != nil {
return 0, false, err
}
return val, true, nil
}

func SetBalance(
Expand Down
6 changes: 3 additions & 3 deletions vm/storage.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -82,7 +82,7 @@ func (vm *VM) GetLastAcceptedHeight() (uint64, error) {
if err != nil {
return 0, err
}
return binary.BigEndian.Uint64(b), nil
return database.ParseUInt64(b)
}

func (vm *VM) SetLastProcessedHeight(height uint64) error {
Expand All @@ -98,7 +98,7 @@ func (vm *VM) GetLastProcessedHeight() (uint64, error) {
if err != nil {
return 0, err
}
return binary.BigEndian.Uint64(b), nil
return database.ParseUInt64(b)
}

func (vm *VM) shouldCompact(expiryHeight uint64) bool {
Expand Down Expand Up @@ -199,7 +199,7 @@ func (vm *VM) GetBlockIDHeight(blkID ids.ID) (uint64, error) {
if err != nil {
return 0, err
}
return binary.BigEndian.Uint64(b), nil
return database.ParseUInt64(b)
}

// CompactDiskBlocks forces compaction on the entire range of blocks up to [lastExpired].
Expand Down
2 changes: 1 addition & 1 deletion x/contracts/simulator/state/manager.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,7 @@ func (p *ContractStateManager) GetBalance(ctx context.Context, address codec.Add
return 0, err
}

return binary.BigEndian.Uint64(v), nil
return database.ParseUInt64(v)
}

func (p *ContractStateManager) SetBalance(ctx context.Context, address codec.Address, amount uint64) error {
Expand Down

0 comments on commit 165a455

Please sign in to comment.