authorMarcoFalke <falke.marco@gmail.com>2020-07-26 19:01:48 +0200
committerMarcoFalke <falke.marco@gmail.com>2020-07-26 19:01:51 +0200
commit31d2b4098a9e4ee9a694ba1ad42829637cbcf3c6 (patch)
tree04a7cc70602a5cd9b717fd988299956fd37ba7c8
parent40a04814d130dfc9131af3f568eb44533e2bcbfc (diff)
parentfa2ae0ac8d43086430a29c73940ad6b1cd129e96 (diff)
Merge #19508: Work around memory-aliasing in descriptor ParsePubkey
fa2ae0ac8d43086430a29c73940ad6b1cd129e96 span: Add Span::empty() and use it in script/descriptor (MarcoFalke) fa8a99258947a9ee3749fa472180542920cd471c Work around memory-aliasing in descriptor ParsePubkey (MarcoFalke) Pull request description: While this is not undefined behaviour, the memory aliasing trick is confusing when reading the code. Having `a.size()==0` and then access `a[0]` works in this particular case, but should probably be avoided to harden the code for the future. ACKs for top commit: theStack: re-ACK https://github.com/bitcoin/bitcoin/pull/19508/commits/fa2ae0ac8d43086430a29c73940ad6b1cd129e96 elichai: ACK fa2ae0ac8d43086430a29c73940ad6b1cd129e96 jonatack: ACK fa2ae0ac8d43086430a29c73940ad6b1cd129e96 Tree-SHA512: 0ec7b09eef45504973a195923cdf1aa8522117c8e2f69b453e5ce9aa8a7e327c71138518022c32d05133dc99cb861101ed0f60fa891814ee3e9dab3a6fa61a84
-rw-r--r--src/script/descriptor.cpp7
-rw-r--r--src/span.h1
2 files changed, 5 insertions, 3 deletions
diff --git a/src/script/descriptor.cpp b/src/script/descriptor.cpp
index 5fa128d62d..9978d084d5 100644
--- a/src/script/descriptor.cpp
+++ b/src/script/descriptor.cpp
@@ -825,8 +825,9 @@ std::unique_ptr<PubkeyProvider> ParsePubkey(uint32_t key_exp_index, const Span<c
return nullptr;
}
if (origin_split.size() == 1) return ParsePubkeyInner(key_exp_index, origin_split[0], permit_uncompressed, out, error);
- if (origin_split[0].size() < 1 || origin_split[0][0] != '[') {
- error = strprintf("Key origin start '[ character expected but not found, got '%c' instead", origin_split[0][0]);
+ if (origin_split[0].empty() || origin_split[0][0] != '[') {
+ error = strprintf("Key origin start '[ character expected but not found, got '%c' instead",
+ origin_split[0].empty() ? /** empty, implies split char */ ']' : origin_split[0][0]);
return nullptr;
}
auto slash_split = Split(origin_split[0].subspan(1), '/');
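Review bot: The `']'` substituted into the error message when `origin_split[0]` is empty hard-codes the separator that the earlier `Split` call is assumed to use; that call is outside the hunk, so nothing visible keeps the two in step if the separator ever changes. Descriptor strings are typically caller-supplied, so the empty-origin path is reachable from input and worth pinning with a test that expects `got ']' instead`; no test file appears in this commit's diffstat. The inline `/** … */` is a doc-comment form used for a plain remark, so I would write `origin_split[0].empty() ? ']' /* empty: the next char was the split char */ : origin_split[0][0]);`. ParsePubkey's body starts and ends outside the hunk.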
@@ -896,7 +897,7 @@ std::unique_ptr<DescriptorImpl> ParseScript(uint32_t key_exp_index, Span<const c
providers.emplace_back(std::move(pk));
key_exp_index++;
}
- if (providers.size() < 1 || providers.size() > 16) {
+ if (providers.empty() || providers.size() > 16) {
error = strprintf("Cannot have %u keys in multisig; must have between 1 and 16 keys, inclusive", providers.size());
return nullptr;
} else if (thres < 1) {
diff --git a/src/span.h b/src/span.h
index 841f1eadf7..79f13c9203 100644
--- a/src/span.h
+++ b/src/span.h
@@ -151,6 +151,7 @@ public:
return m_data[m_size - 1];
}
constexpr std::size_t size() const noexcept { return m_size; }
+ constexpr bool empty() const noexcept { return size() == 0; }
CONSTEXPR_IF_NOT_DEBUG C& operator[](std::size_t pos) const noexcept
{
ASSERT_IF_DEBUG(size() > pos);
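Review bot: The new `empty()` carries no comment tying it to the indexing contract, although `operator[]` directly below checks `size() > pos` only through `ASSERT_IF_DEBUG`, which by its name is presumably inactive in non-debug builds. That makes `empty()` the guard callers are expected to use before `[0]`, which is exactly the pattern the descriptor.cpp change relies on. I would add `// True when size() == 0; check this before indexing, operator[] asserts bounds only via ASSERT_IF_DEBUG.` above the new line. The class body continues outside the hunk.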