From cf91a059c937a668f5a43decde20c7c39ea8d12c Mon Sep 17 00:00:00 2001
From: Emmanuel Odeke <emm.odeke@gmail.com>
Date: Mon, 29 Jan 2018 15:09:14 -0700
Subject: [PATCH] types: Context.GetOp should never crash

Ensure that requesting version <= 0 doesn't
cause a runtime out of bounds dereference,
with a simple validation and accompanying tests
to ensure we never regress.

Since GetOp allows int64, it is fair game
that it should except out of range inputs,
plus this is an SDK so is bound to be abused
both unintentionally and intentionally.

Fixes #400
---
 types/context.go      |  2 +-
 types/context_test.go | 20 ++++++++++++++++++++
 2 files changed, 21 insertions(+), 1 deletion(-)
 create mode 100644 types/context_test.go

diff --git a/types/context.go b/types/context.go
index a0f2c29b0..649f15b93 100644
--- a/types/context.go
+++ b/types/context.go
@@ -238,7 +238,7 @@ func (pst *thePast) getOp(ver int64) (Op, bool) {
 	pst.mtx.RLock()
 	defer pst.mtx.RUnlock()
 	l := int64(len(pst.ops))
-	if l < ver {
+	if l < ver || ver <= 0 {
 		return Op{}, false
 	} else {
 		return pst.ops[ver-1], true
diff --git a/types/context_test.go b/types/context_test.go
new file mode 100644
index 000000000..36d8099b9
--- /dev/null
+++ b/types/context_test.go
@@ -0,0 +1,20 @@
+package types_test
+
+import (
+	"testing"
+
+	"github.com/cosmos/cosmos-sdk/types"
+	abci "github.com/tendermint/abci/types"
+)
+
+func TestContextGetOpShouldNeverPanic(t *testing.T) {
+	var ms types.MultiStore
+	ctx := types.NewContext(ms, abci.Header{}, false, nil)
+	indices := []int64{
+		-10, 1, 0, 10, 20,
+	}
+
+	for _, index := range indices {
+		_, _ = ctx.GetOp(index)
+	}
+}