Add assertions for CScriptNum[10] +/- int64_t to avoid the possibility of UB.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-10-01 00:17:41 +01:00 · 2020-10-01 00:17:41 +01:00 · f432fe5ebf
parent 9ba10a8071
commit f432fe5ebf
2 changed files with 28 additions and 4 deletions
--- a/src/script/script.h
+++ b/src/script/script.h
@ -242,8 +242,20 @@ public:
    inline bool operator>=(const CScriptNum& rhs) const { return operator>=(rhs.m_value); }
    inline bool operator> (const CScriptNum& rhs) const { return operator> (rhs.m_value); }

-    inline CScriptNum operator+(   const int64_t& rhs)    const { return CScriptNum(m_value + rhs);}
-    inline CScriptNum operator-(   const int64_t& rhs)    const { return CScriptNum(m_value - rhs);}
+    inline CScriptNum operator+(   const int64_t& rhs)    const
+    {
+        assert(rhs == 0 || (rhs > 0 && m_value <= std::numeric_limits<int64_t>::max() - rhs) ||
+                           (rhs < 0 && m_value >= std::numeric_limits<int64_t>::min() - rhs));
+        return CScriptNum(m_value + rhs);
+    }
+
+    inline CScriptNum operator-(   const int64_t& rhs)    const
+    {
+        assert(rhs == 0 || (rhs > 0 && m_value >= std::numeric_limits<int64_t>::min() + rhs) ||
+                           (rhs < 0 && m_value <= std::numeric_limits<int64_t>::max() + rhs));
+        return CScriptNum(m_value - rhs);
+    }
+
    inline CScriptNum operator+(   const CScriptNum& rhs) const { return operator+(rhs.m_value);   }
    inline CScriptNum operator-(   const CScriptNum& rhs) const { return operator-(rhs.m_value);   }

--- a/src/test/scriptnum10.h
+++ b/src/test/scriptnum10.h
@ -75,8 +75,20 @@ public:
    inline bool operator>=(const CScriptNum10& rhs) const { return operator>=(rhs.m_value); }
    inline bool operator> (const CScriptNum10& rhs) const { return operator> (rhs.m_value); }

-    inline CScriptNum10 operator+(   const int64_t& rhs)    const { return CScriptNum10(m_value + rhs);}
-    inline CScriptNum10 operator-(   const int64_t& rhs)    const { return CScriptNum10(m_value - rhs);}
+    inline CScriptNum10 operator+(   const int64_t& rhs)      const
+    {
+        assert(rhs == 0 || (rhs > 0 && m_value <= std::numeric_limits<int64_t>::max() - rhs) ||
+                           (rhs < 0 && m_value >= std::numeric_limits<int64_t>::min() - rhs));
+        return CScriptNum10(m_value + rhs);
+    }
+
+    inline CScriptNum10 operator-(   const int64_t& rhs)      const
+    {
+        assert(rhs == 0 || (rhs > 0 && m_value >= std::numeric_limits<int64_t>::min() + rhs) ||
+                           (rhs < 0 && m_value <= std::numeric_limits<int64_t>::max() + rhs));
+        return CScriptNum10(m_value - rhs);
+    }
+
    inline CScriptNum10 operator+(   const CScriptNum10& rhs) const { return operator+(rhs.m_value);   }
    inline CScriptNum10 operator-(   const CScriptNum10& rhs) const { return operator-(rhs.m_value);   }