From 97bdad8262f3da14f17048dc11f095790e07fb02 Mon Sep 17 00:00:00 2001
From: Emmanuel T Odeke
Date: Sun, 18 Mar 2018 04:17:11 -0700
Subject: [PATCH] common: NewBitArray never crashes on negatives (#170)

Fixes #169
Fixes https://github.com/tendermint/tendermint/issues/1322
The previous code was very trusting assuming that rational actors will use this code. However, Byzantine actors don't care and in the case of the linked issue negative lengths can be sent to this code unfettered having been received from a peer. This code is essentially just a sign change from `==` to `<=` and we've gutted out that attack by being more defensive.
---
common/bit_array.go | 2 +-
common/bit_array_test.go | 7 +++++++
2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/common/bit_array.go b/common/bit_array.go
index 7cc84705..a3a87cca 100644
--- a/common/bit_array.go
+++ b/common/bit_array.go
@@ -15,7 +15,7 @@ type BitArray struct {
 // There is no BitArray whose Size is 0. Use nil instead.
 func NewBitArray(bits int) *BitArray {
- if bits == 0 {
+ if bits <= 0 {
 return nil
 }
 return &BitArray{
diff --git a/common/bit_array_test.go b/common/bit_array_test.go
index 94a312b7..fbc438cd 100644
--- a/common/bit_array_test.go
+++ b/common/bit_array_test.go
@@ -208,3 +208,10 @@ func TestUpdateNeverPanics(t *testing.T) {
 b.Update(a)
 }
 }
+
+func TestNewBitArrayNeverCrashesOnNegatives(t *testing.T) {
+ bitList := []int{-127, -128, -1<<31}
+ for _, bits := range bitList {
+ _ = NewBitArray(bits)
+ }
+}
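Review bot: In common/bit_array.go, the new `if bits <= 0` guard in NewBitArray rejects non-positive sizes but leaves `bits` without any upper bound, while the commit message states that this value can arrive from a peer. The rest of the function lies outside the hunk, so the allocation is not visible here; if it sizes a slice from `bits`, a very large positive value would presumably translate into a correspondingly large allocation, and a cap enforced here or where the peer message is decoded would cover that case too. The doc comment above the function still only mentions size 0; I would reword it to `// NewBitArray returns nil when bits is zero or negative; there is no BitArray whose Size is 0.` so callers know a nil result is also the answer for negative input.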
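Review bot: In common/bit_array_test.go, TestNewBitArrayNeverCrashesOnNegatives discards the result with `_ = NewBitArray(bits)`, so it only proves the absence of a panic and would still pass if a later change returned a non-nil BitArray for a negative size. Asserting the contract pins the fix: `if ba := NewBitArray(bits); ba != nil { t.Errorf("NewBitArray(%d) = %v, want nil", bits, ba) }`. Adding `0` to `bitList` would keep the original boundary case covered in the same loop.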