Documented bug in sign-extension behavior of opcodes OP_AND, OP_OR, and OP_XOR.

Due to a bug in the implementation of MakeSameSize(), using OP_AND, OP_OR, or OP_XOR with signed values of unequal size will result in the sign-value becoming part of the smaller integer, with nonsensical results. This patch documents the unexpected behavior and provides the basis of a solution should decision be made to fix the bug in the future.
12 years ago · 95d7f00295
parent 1381ad2b21
commit 95d7f00295
1 changed files with 23 additions and 1 deletions
--- a/src/script.cpp
+++ b/src/script.cpp
@ -54,12 +54,29 @@ bool CastToBool(const valtype& vch)
    return false;
 }
 //
 // WARNING: This does not work as expected for signed integers; the sign-bit
 // is left in place as the integer is zero-extended. The correct behavior
 // would be to move the most significant bit of the last byte during the
 // resize process. MakeSameSize() is currently only used by the disabled
 // opcodes OP_AND, OP_OR, and OP_XOR.
 //
 void MakeSameSize(valtype& vch1, valtype& vch2)
 {
    // Lengthen the shorter one
    if (vch1.size() < vch2.size())
        // PATCH:
        // +unsigned char msb = vch1[vch1.size()-1];
        // +vch1[vch1.size()-1] &= 0x7f;
        //  vch1.resize(vch2.size(), 0);
        // +vch1[vch1.size()-1] = msb;
        vch1.resize(vch2.size(), 0);
    if (vch2.size() < vch1.size())
        // PATCH:
        // +unsigned char msb = vch2[vch2.size()-1];
        // +vch2[vch2.size()-1] &= 0x7f;
        //  vch2.resize(vch1.size(), 0);
        // +vch2[vch2.size()-1] = msb;
        vch2.resize(vch1.size(), 0);
 }
@ -663,6 +680,11 @@ bool EvalScript(vector<vector<unsigned char> >& stack, const CScript& script, co
                }
                break;
                //
                // WARNING: These disabled opcodes exhibit unexpected behavior
                // when used on signed integers due to a bug in MakeSameSize()
                // [see definition of MakeSameSize() above].
                //
                case OP_AND:
                case OP_OR:
                case OP_XOR:
@ -672,7 +694,7 @@ bool EvalScript(vector<vector<unsigned char> >& stack, const CScript& script, co
                        return false;
                    valtype& vch1 = stacktop(-2);
                    valtype& vch2 = stacktop(-1);
-                    MakeSameSize(vch1, vch2);
+                    MakeSameSize(vch1, vch2); // <-- NOT SAFE FOR SIGNED VALUES
                    if (opcode == OP_AND)
                    {
                        for (unsigned int i = 0; i < vch1.size(); i++)