
Description

Merge #11284: Fix invalid memory access in CScript::operator+= (guidovranken, ajtowns)

Summary:
d601f16 Fix invalid memory access in CScript::operator+= (Anthony Towns)

Pull request description:

This is a fix for #11114 -- invoking "s += s" gets turned into "s.insert(s.end(), s.begin(), s.end())" which can result in an invalid memory access if s.capacity() < 2*s.size() (because s gets resized and possibly moved, so s.begin() and s.end() become invalid references when reading the values to be appended).

The fix is straightforward: reserve enough space in advance, so that insert() doesn't need to resize and thus its arguments remain valid.

A simple test case is added as well; though you probably need to run it via valgrind to actually catch the problem when it's not fixed...

Tree-SHA512: 4720d0c17463fdc43b344c45fe603423d20b30d48da1b9d85eeedc505d7f34db1ed5495ef1556459ae962a94717e3c6e8fc441763771901efea210d01322b7ef

Backport of Core PR11284
https://github.com/bitcoin/bitcoin/pull/11284/files

Test Plan: make check

Reviewers: #bitcoin_abc, deadalnix, markblundeberg

Reviewed By: #bitcoin_abc, markblundeberg

Differential Revision: https://reviews.bitcoinabc.org/D3373
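The aliasing bug and the reserve()-based fix described above, as an added example: this is not the diff from the pull request and not the Bitcoin ABC code base's own CScript, but a minimal stand-in byte-vector class (hypothetical name ByteScript) whose operator+= is written the way the description says the fix works. The pre-fix pattern is kept beside it, never called, so a reader can compare the two; appendWouldReallocate() reports the capacity condition under which the unreserved self-insert read from freed storage.

```cpp
#include <cassert>
#include <cstdint>
#include <cstdio>
#include <initializer_list>
#include <vector>

// Minimal stand-in for CScript: a byte vector with operator+=.
// Hypothetical class, not the project's own.
class ByteScript {
public:
    std::vector<uint8_t> data;

    ByteScript() = default;
    ByteScript(std::initializer_list<uint8_t> init) : data(init) {}

    // True when appending `b` would force the vector to reallocate. For a
    // self-append (b aliases *this) this is exactly the condition
    // capacity() < 2*size() under which the pre-fix insert() read from the
    // old, freed buffer.
    bool appendWouldReallocate(const ByteScript& b) const {
        return data.capacity() < data.size() + b.data.size();
    }

    // Pre-fix pattern from the description, kept only for comparison.
    // Do not call with b aliasing *this: insert() may reallocate while its
    // source iterators still point into the old buffer (undefined behaviour).
    void appendNoReserve(const ByteScript& b) {
        data.insert(data.end(), b.data.begin(), b.data.end());
    }

    // Fixed form: reserve the final size first, so insert() never needs to
    // grow the buffer and b.data.begin()/end() stay valid even when b is *this.
    ByteScript& operator+=(const ByteScript& b) {
        data.reserve(data.size() + b.data.size());
        data.insert(data.end(), b.data.begin(), b.data.end());
        return *this;
    }
};

// Self-append of a script whose capacity is tight, i.e. the case the
// description says needs valgrind to catch when unfixed. The bytes are a
// constructed sample, not real script opcodes. Returns the resulting contents.
std::vector<uint8_t> selfAppendTight() {
    ByteScript s{0x51, 0x52, 0x53};
    s.data.shrink_to_fit();  // ask for capacity == size (non-binding, but typical)
    s += s;                  // safe: reserve() runs before insert()
    return s.data;
}

// Reports whether a tight three-byte script would have reallocated on
// self-append, i.e. whether the pre-fix code would have been unsafe here.
bool tightScriptWouldReallocate() {
    ByteScript s{0x51, 0x52, 0x53};
    s.data.shrink_to_fit();
    return s.appendWouldReallocate(s);
}

int main() {
    std::vector<uint8_t> out = selfAppendTight();
    std::printf("self-append result: %zu bytes, pre-fix would reallocate: %s\n",
                out.size(), tightScriptWouldReallocate() ? "yes" : "no");
    return 0;
}
```

The check in appendWouldReallocate() is what a unit test can assert on deterministically; whether the unreserved variant actually faults depends on the allocator, which is why the description recommends running the test under valgrind to see the read of freed memory.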

Details

Provenance:
  Authored by Wladimir J. van der Laan <laanwj@gmail.com> on Oct 2 2017, 12:46
  Committed by jasonbcox on Jun 20 2019, 15:39
  Pushed by jasonbcox on Jun 20 2019, 15:39
Reviewer: Restricted Project
Differential Revision: D3373: Merge #11284: Fix invalid memory access in CScript::operator+= (guidovranken, ajtowns)
Parents: rABC785fd9d744f9: [rpc] deprecate ancient softforks' information from getblockchaininfo
Branches: Unknown
Tags: Unknown