Fix signature index check in secp256k1 verify #13014
Conversation
Codecov Report
@@ Coverage Diff @@
## master #13014 +/- ##
=========================================
- Coverage 81.9% 81.9% -0.1%
=========================================
Files 361 361
Lines 85272 85272
=========================================
- Hits 69886 69879 -7
- Misses 15386 15393 +7 |
|
@sakridge @jstarry Uuum. is this need to be runtime-featured?
because this is already enabled on mainnet-beta and these handling differencies before and after this pr create different transaction results? |
|
Yep this affects banking_stage. Needs a feature gate :( |
| @@ -72,7 +72,7 @@ pub fn verify_eth_addresses( | |||
|
|
|||
| // Parse out signature | |||
| let signature_index = offsets.signature_instruction_index as usize; | |||
| if signature_index > instruction_datas.len() { | |||
| if signature_index >= instruction_datas.len() { | |||
There was a problem hiding this comment.
I also think adding a test for this won't hurt us, considering this is part of the signature verification code. Maybe this should be easy?
There was a problem hiding this comment.
Sure, I can add in the morning unless we want this merged sooner
There was a problem hiding this comment.
This actually a more complete fix and adds tests:
#13026
|
Also, considering we found this on the wild, maybe should we feed more bunch of eth sigs picked from the real eth network into this code to expose more bugs? |
So that we can pack bunch of any bugs under a single feature gate. :) |
|
Wouldn't this cause a panic? I don't think it needs a feature gate. I caught it while reading code, don't think it's happened in the wild |
Problem
Index check doesn't prevent invalid indices properly. If
signature_indexis 1 and there is only one instruction data, the check doesn't fail.Summary of Changes
Fixes #