Closed brunoerg closed 3 months ago
By applying differential fuzzing (using btcd@0.24.0), we noticed that NewBlockFromBytes may panic because of slice bounds out of range. By reproducing the issue in older releases, we noticed they do not panic, just throw an error. It seems to be caused by a recent change: https://github.com/btcsuite/btcd/commit/d7396dc13d8021001ab05684c99f465ea16fedc8#diff-d90adfff2befe29fa72ab522be237f2565daf0abf0dc1069beff4563b13119feL1054-L1055
To reproduce the issue:
```go
package main

import (
	"fmt"

	"github.com/btcsuite/btcd/btcutil"
)

func main() {
	// Fuzzer-generated input that makes btcd@0.24.0 panic instead of
	// returning an error.
	var bytes = []byte{
		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20,
		0x00, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x47, 0xa6, 0x00, 0x17,
		0xfe, 0xff, 0xff, 0xbe, 0x00, 0xe1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x48, 0x40, 0x00, 0x00,
		0x00, 0x00, 0x3a, 0x3a, 0x3a, 0xf7, 0x7a, 0x3a, 0x3a, 0x3a, 0x3a, 0xa1, 0xa1, 0xa1, 0x31, 0xff,
		0xff, 0xff, 0x56, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1,
		0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1,
		0xa1, 0xa1, 0xa1, 0xa1, 0x3a, 0x00, 0x00, 0x00, 0x04, 0x08, 0x00, 0x00, 0x40, 0x00, 0x00, 0x3a,
		0x3a, 0x3a, 0x47, 0x47, 0xa6, 0x00, 0x17, 0xfe, 0xff, 0xff, 0xfe, 0xff, 0xff, 0x7f, 0x00,
	}

	// Create a new block from the serialized bytes.
	_, err := btcutil.NewBlockFromBytes(bytes)
	if err != nil {
		fmt.Printf("NewBlockFromBytes: %v", err)
		return
	}
	fmt.Printf("Completed")
}
```
cc: @hax0kartik
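The report above describes a deserializer that panics on malformed input where older releases returned an error. The following is an added example, not btcd's code and not the reporter's harness: a hypothetical length-prefixed decoder (`decodeUnchecked`, `decodeChecked`, `ErrShortBuffer` and the sample vectors are all invented for illustration) showing the bug class in its unchecked and hardened forms, plus the recover-based comparison a differential fuzzer needs so that a panic in one implementation is recorded as a finding rather than killing the run.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
)

// ErrShortBuffer is returned when a declared length exceeds the bytes left.
var ErrShortBuffer = errors.New("declared length exceeds remaining bytes")

// decodeUnchecked is a hypothetical length-prefixed decoder (not btcd code).
// It trusts the 4-byte little-endian length and slices immediately, so a
// hostile prefix panics with "slice bounds out of range" instead of erroring.
func decodeUnchecked(buf []byte) ([]byte, error) {
	if len(buf) < 4 {
		return nil, ErrShortBuffer
	}
	n := binary.LittleEndian.Uint32(buf)
	return buf[4 : 4+n], nil // panics when 4+n exceeds len(buf) or wraps
}

// decodeChecked is the hardened form of the same decoder: the length is
// widened and compared against the remaining input before any slicing, so
// malformed input comes back as an error the caller can handle.
func decodeChecked(buf []byte) ([]byte, error) {
	if len(buf) < 4 {
		return nil, ErrShortBuffer
	}
	n := uint64(binary.LittleEndian.Uint32(buf))
	if n > uint64(len(buf)-4) {
		return nil, fmt.Errorf("%w: want %d, have %d", ErrShortBuffer, n, len(buf)-4)
	}
	return buf[4 : 4+int(n)], nil
}

// Outcome records how one decoder handled one input.
type Outcome struct {
	Panicked bool
	Err      error
	Out      []byte
}

// safeDecode runs a decoder under recover so a panic becomes an observable
// outcome instead of killing the fuzzing process.
func safeDecode(decode func([]byte) ([]byte, error), in []byte) (o Outcome) {
	defer func() {
		if r := recover(); r != nil {
			o = Outcome{Panicked: true, Err: fmt.Errorf("panic: %v", r)}
		}
	}()
	out, err := decode(in)
	return Outcome{Out: out, Err: err}
}

// Divergences compares two implementations input by input, the way a
// differential fuzzer would, and reports where they disagree: one panics,
// one rejects while the other accepts, or the decoded payloads differ.
func Divergences(a, b func([]byte) ([]byte, error), inputs [][]byte) []string {
	var report []string
	for i, in := range inputs {
		oa, ob := safeDecode(a, in), safeDecode(b, in)
		switch {
		case oa.Panicked != ob.Panicked:
			report = append(report, fmt.Sprintf("input %d: panic mismatch (a=%v, b=%v)", i, oa.Err, ob.Err))
		case (oa.Err == nil) != (ob.Err == nil):
			report = append(report, fmt.Sprintf("input %d: error mismatch (a=%v, b=%v)", i, oa.Err, ob.Err))
		case !bytes.Equal(oa.Out, ob.Out):
			report = append(report, fmt.Sprintf("input %d: payload mismatch", i))
		}
	}
	return report
}

// SampleInputs are constructed vectors, not data from the report: a valid
// record, a prefix that overstates the payload, and a prefix that wraps the
// uint32 index arithmetic in decodeUnchecked.
func SampleInputs() [][]byte {
	return [][]byte{
		{0x03, 0x00, 0x00, 0x00, 'a', 'b', 'c'}, // length 3, three bytes follow
		{0x10, 0x00, 0x00, 0x00, 'a', 'b'},      // length 16, two bytes follow
		{0xff, 0xff, 0xff, 0xff},                // length 0xffffffff, nothing follows
	}
}

func main() {
	for _, line := range Divergences(decodeUnchecked, decodeChecked, SampleInputs()) {
		fmt.Println(line)
	}
}
```

The same `safeDecode` wrapper is what you would put around each implementation inside a `go test -fuzz` target: without the recover, the first crashing input stops the fuzzer, and with it every panic is reported as a divergence alongside ordinary accept/reject mismatches. Note that the second bad vector also shows why the bounds check widens the length to `uint64` first: comparing `4+n` as a `uint32` would wrap and pass.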
It's fixed, nevermind.