From 97d10210beb55ad4bd6722f7186a80bf7cb140e2 Mon Sep 17 00:00:00 2001
From: Alessio Treglia <quadrispro@ubuntu.com>
Date: Fri, 7 Jun 2019 19:11:50 +0100
Subject: [PATCH] Merge PR #4510: Negative height paramter's value leads to
 undefined behavior

---
 types/rest/rest.go      | 5 +++++
 types/rest/rest_test.go | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/types/rest/rest.go b/types/rest/rest.go
index ab72bcadbd0a..0a87c8b96e30 100644
--- a/types/rest/rest.go
+++ b/types/rest/rest.go
@@ -208,6 +208,11 @@ func ParseQueryHeightOrReturnBadRequest(w http.ResponseWriter, cliCtx context.CL
 			return cliCtx, false
 		}
 
+		if height < 0 {
+			WriteErrorResponse(w, http.StatusBadRequest, "height must be equal or greater than zero")
+			return cliCtx, false
+		}
+
 		if height > 0 {
 			cliCtx = cliCtx.WithHeight(height)
 		}
diff --git a/types/rest/rest_test.go b/types/rest/rest_test.go
index 472781c98a96..22d399ebd9c9 100644
--- a/types/rest/rest_test.go
+++ b/types/rest/rest_test.go
@@ -122,7 +122,7 @@ func TestParseQueryHeight(t *testing.T) {
 		{"no height", req0, httptest.NewRecorder(), context.CLIContext{}, emptyHeight, true},
 		{"height", req1, httptest.NewRecorder(), context.CLIContext{}, height, true},
 		{"invalid height", req2, httptest.NewRecorder(), context.CLIContext{}, emptyHeight, false},
-		{"negative height", req3, httptest.NewRecorder(), context.CLIContext{}, emptyHeight, true},
+		{"negative height", req3, httptest.NewRecorder(), context.CLIContext{}, emptyHeight, false},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {