bolt11: check return value of pull_all

Otherwise, if pull_all fails, we attempt to create a script from NULL,
causing a UBSan report:

bitcoin/script.c:29:28: runtime error: null pointer passed as argument 2, which is declared to never be null

Corpus input bf703c2c20c0818af70a8c4caad6e6fd8cfd1ac6 triggers the UBSan
report, but we didn't previously realize this because UBSan has been
disabled in the CI run. We rename the input to indicate its usefulness
as a permanent regression test.
Matt Morehouse 2023-10-17 10:37:41 -05:00 committed by Rusty Russell
parent 19c581c33f
commit eeec529031
2 changed files with 2 additions and 0 deletions

@ -390,6 +390,8 @@ static const char *decode_f(struct bolt11 *b11,
fallback = scriptpubkey_p2sh_hash(b11, shash);
} else if (version < 17) {
u8 *f = pull_all(tmpctx, hu5, data, field_len, false, &err);
if (!f)
return err;
if (version == 0) {
if (tal_count(f) != 20 && tal_count(f) != 32)
return tal_fmt(b11,
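Review bot: the added `if (!f) return err;` in decode_f is only safe if pull_all sets `err` on every path where it returns NULL; the declaration of `err` is outside this hunk, so please confirm it is initialized or always written on failure, otherwise this returns an indeterminate pointer as the error string. Also note that pull_all is called with `tmpctx` while the neighbouring error path builds its message with `tal_fmt(b11, ...)`, so it is worth checking that the string in `err` lives at least as long as callers of decode_f expect. A one-line comment above the check saying that a NULL `f` would otherwise reach the script construction flagged by UBSan at bitcoin/script.c:29 would help keep the check from being removed later.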