Fail instead of swallow on database corruption

2024-02-13 11:35:40 -07:00 · 2024-02-13 11:35:40 -07:00 · 9f221f869d
parent 8003a39e1b
commit 9f221f869d
2 changed files with 17 additions and 7 deletions
--- a/zcash_client_sqlite/src/wallet.rs
+++ b/zcash_client_sqlite/src/wallet.rs
@ -383,14 +383,22 @@ pub(crate) fn get_transparent_receivers<P: consensus::Parameters>(
            })?;

        if let Some(taddr) = ua.transparent() {
-            let di_short = DiversifierIndex::from(di).try_into();
-            if let Ok(di_short) = di_short {
-                if let Some(index) = NonHardenedChildIndex::from_index(di_short) {
+            let index = NonHardenedChildIndex::from_index(
+                DiversifierIndex::from(di).try_into().map_err(|_| {
+                    SqliteClientError::CorruptedData(
+                        "Unable to get diversifier for transparent address.".to_string(),
+                    )
+                })?,
+            )
+            .ok_or_else(|| {
+                SqliteClientError::CorruptedData(
+                    "Unexpected hardened index for transparent address.".to_string(),
+                )
+            })?;
+
            ret.insert(*taddr, index);
        }
    }
-        }
-    }

    if let Some((taddr, child_index)) = get_legacy_transparent_address(params, conn, account)? {
        ret.insert(taddr, child_index);
--- a/zcash_primitives/src/legacy.rs
+++ b/zcash_primitives/src/legacy.rs
@ -439,6 +439,8 @@ impl NonHardenedChildIndex {
    }

    pub fn next(&self) -> Option<Self> {
+        // overflow cannot happen because self.0 is 31 bits, and the next index is at most 32 bits
+        // which in that case would lead from_index to return None.
        Self::from_index(self.0 + 1)
    }
 }
@ -585,7 +587,7 @@ mod tests {
        ));

        fn check<T: ConstantTimeEq>(v1: T, v2: T) -> bool {
-            v1.ct_eq(&v2).unwrap_u8() == 1
+            v1.ct_eq(&v2).into()
        }
    }