common: NewBitArray never crashes on negatives (#170)
Fixes #169 Fixes https://github.com/tendermint/tendermint/issues/1322 The previous code was very trusting, assuming that only rational actors would use it. However, Byzantine actors don't care, and in the case of the linked issue negative lengths received from a peer can reach this code unchecked. This change is essentially just a comparison change from `==` to `<=`, and it guts that attack by being more defensive.
parent
26f2ab65f8
commit
97bdad8262
|
@ -15,7 +15,7 @@ type BitArray struct {
|
||||||
|
|
||||||
// There is no BitArray whose Size is 0. Use nil instead.
|
// There is no BitArray whose Size is 0. Use nil instead.
|
||||||
func NewBitArray(bits int) *BitArray {
|
func NewBitArray(bits int) *BitArray {
|
||||||
if bits == 0 {
|
if bits <= 0 {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
return &BitArray{
|
return &BitArray{
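Review bot: The guard `if bits <= 0` rejects negative sizes but leaves large positive ones unbounded, and the commit message says this value can arrive from a peer. The struct literal after `return &BitArray{` continues outside the hunk, so this is inferred: if it allocates in proportion to `bits`, a peer can still force a very large allocation, and a size cap is probably best enforced where the peer message is decoded. The doc comment is also stale now that negatives return nil; something like `// NewBitArray returns nil if bits <= 0; there is no BitArray whose Size is 0.` would tell callers to handle the nil result.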
|
||||||
|
|
|
@ -208,3 +208,10 @@ func TestUpdateNeverPanics(t *testing.T) {
|
||||||
b.Update(a)
|
b.Update(a)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestNewBitArrayNeverCrashesOnNegatives(t *testing.T) {
|
||||||
|
bitList := []int{-127, -128, -1<<31}
|
||||||
|
for _, bits := range bitList {
|
||||||
|
_ = NewBitArray(bits)
|
||||||
|
}
|
||||||
|
}
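Review bot: The new test discards the result with `_ = NewBitArray(bits)`, so it only proves the call does not panic and would still pass if a negative size produced a non-nil, malformed BitArray. Pin the contract instead: `if ba := NewBitArray(bits); ba != nil { t.Fatalf("NewBitArray(%d): want nil", bits) }`. Adding `0` to `bitList` would cover the boundary of the `<=` comparison in the same loop.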
|
||||||
|
|