From fa43e7c2d9dc5e2df70acd2019bdd24023c1d333 Mon Sep 17 00:00:00 2001 From: MarcoFalke Date: Fri, 8 Oct 2021 15:51:55 +0200 Subject: [PATCH] bitcoin-tx: Avoid treating overflow as OP_0 --- src/core_read.cpp | 6 +++--- src/test/script_parse_tests.cpp | 2 +- test/util/data/bitcoin-util-test.json | 6 ++++++ 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/src/core_read.cpp b/src/core_read.cpp index 3bbecbf52b..2149b428d2 100644 --- a/src/core_read.cpp +++ b/src/core_read.cpp @@ -66,16 +66,16 @@ CScript ParseScript(const std::string& s) (w.front() == '-' && w.size() > 1 && std::all_of(w.begin() + 1, w.end(), ::IsDigit))) { // Number - int64_t n = LocaleIndependentAtoi(w); + const auto num{ToIntegral(w)}; // limit the range of numbers ParseScript accepts in decimal // since numbers outside -0xFFFFFFFF...0xFFFFFFFF are illegal in scripts - if (n > int64_t{0xffffffff} || n < -1 * int64_t{0xffffffff}) { + if (!num.has_value() || num > int64_t{0xffffffff} || num < -1 * int64_t{0xffffffff}) { throw std::runtime_error("script parse error: decimal numeric value only allowed in the " "range -0xFFFFFFFF...0xFFFFFFFF"); } - result << n; + result << num.value(); } else if (w.substr(0, 2) == "0x" && w.size() > 2 && IsHex(std::string(w.begin() + 2, w.end()))) { // Raw hex data, inserted NOT pushed onto stack: std::vector raw = ParseHex(std::string(w.begin() + 2, w.end())); diff --git a/src/test/script_parse_tests.cpp b/src/test/script_parse_tests.cpp index 5b8b6a725f..004c1a9a84 100644 --- a/src/test/script_parse_tests.cpp +++ b/src/test/script_parse_tests.cpp @@ -38,7 +38,6 @@ BOOST_AUTO_TEST_CASE(parse_script) {"'17'", "023137"}, {"ELSE", "67"}, {"NOP10", "b9"}, - {"11111111111111111111", "00"}, }; std::string all_in; std::string all_out; @@ -49,6 +48,7 @@ BOOST_AUTO_TEST_CASE(parse_script) } BOOST_CHECK_EQUAL(HexStr(ParseScript(all_in)), all_out); + BOOST_CHECK_EXCEPTION(ParseScript("11111111111111111111"), std::runtime_error, HasReason("script parse error: decimal numeric value only allowed in the range -0xFFFFFFFF...0xFFFFFFFF")); BOOST_CHECK_EXCEPTION(ParseScript("11111111111"), std::runtime_error, HasReason("script parse error: decimal numeric value only allowed in the range -0xFFFFFFFF...0xFFFFFFFF")); BOOST_CHECK_EXCEPTION(ParseScript("OP_CHECKSIGADD"), std::runtime_error, HasReason("script parse error: unknown opcode")); } diff --git a/test/util/data/bitcoin-util-test.json b/test/util/data/bitcoin-util-test.json index a648c0287a..20684f0f76 100644 --- a/test/util/data/bitcoin-util-test.json +++ b/test/util/data/bitcoin-util-test.json @@ -294,6 +294,12 @@ "output_cmp": "txcreatescript4.json", "description": "Create a new transaction with a single output script (OP_DROP) in a P2SH, wrapped in a P2SH (output as json)" }, + { "exec": "./bitcoin-tx", + "args": ["-create", "outscript=0:999999999999999999999999999999"], + "return_code": 1, + "error_txt": "error: script parse error: decimal numeric value only allowed in the range -0xFFFFFFFF...0xFFFFFFFF", + "description": "Try to parse an output script with a decimal number above the allowed range" + }, { "exec": "./bitcoin-tx", "args": ["-create", "outscript=0:9999999999"], "return_code": 1,