btcsuite / btcutil

Provides bitcoin-specific convenience functions and types

psbt: fix two deserialization bugs #163

Closed Crypt-iQ closed 4 years ago

Crypt-iQ commented 4 years ago

Fuzzer found two panics:

first one:

panic: runtime error: index out of range [3] with length 1

goroutine 1 [running]:
encoding/binary.littleEndian.Uint32(...)
    /usr/local/Cellar/go/1.13/libexec/src/encoding/binary/binary.go:63
github.com/btcsuite/btcutil/psbt.(*PInput).deserialize(0xc0004c3db0, 0x12f3760, 0xc00009e2d0, 0xc0004c3df0, 0x1062de6)
    /Users/nsa/go/src/github.com/btcsuite/btcutil/psbt/partial_input.go:153 +0x1be6
github.com/btcsuite/btcutil/psbt.Fuzz_partial_input_serialization(0x5010000, 0x4, 0x4, 0x3)
    /Users/nsa/go/src/github.com/btcsuite/btcutil/psbt/partial_input_serialization.go:13 +0xf2

second one:

panic: runtime error: makeslice: len out of range

goroutine 1 [running]:
github.com/btcsuite/btcutil/psbt.getKey(0x12f3760, 0xc0000988a0, 0x8, 0x149d438, 0x203000, 0x203000, 0xaa, 0x13f0ae0)
    /Users/nsa/go/src/github.com/btcsuite/btcutil/psbt/utils.go:242 +0xf8
github.com/btcsuite/btcutil/psbt.(*PInput).deserialize(0xc000453db0, 0x12f3760, 0xc0000988a0, 0xc000453df0, 0x1062de6)
    /Users/nsa/go/src/github.com/btcsuite/btcutil/psbt/partial_input.go:80 +0x80
github.com/btcsuite/btcutil/psbt.Fuzz_partial_input_serialization(0x4710000, 0x9, 0x9, 0x4)
    /Users/nsa/go/src/github.com/btcsuite/btcutil/psbt/partial_input_serialization.go:13 +0xf2
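
The two crash classes in the traces above are a fixed-width integer read from a slice that is too short, and a `make` sized by an unchecked length. The following is an added Go example of the checks that prevent both; it is not the btcutil code or the fix from this PR. `parseUint32LE`, `readCompactSize`, `readField` and `errBadLen` are hypothetical names, and the length prefix is assumed to be a Bitcoin-style CompactSize integer.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

var errBadLen = errors.New("invalid field length")

// parseUint32LE rejects values that are not exactly 4 bytes before decoding.
func parseUint32LE(value []byte) (uint32, error) {
	if len(value) != 4 {
		return 0, errBadLen
	}
	return binary.LittleEndian.Uint32(value), nil
}

// readCompactSize decodes a CompactSize integer (assumed length encoding).
func readCompactSize(r io.Reader) (uint64, error) {
	var b [8]byte
	if _, err := io.ReadFull(r, b[:1]); err != nil {
		return 0, err
	}
	n := map[byte]int{0xfd: 2, 0xfe: 4, 0xff: 8}[b[0]]
	if n == 0 {
		return uint64(b[0]), nil
	}
	_, err := io.ReadFull(r, b[:n])
	return binary.LittleEndian.Uint64(b[:]), err
}

// readField checks the untrusted length against the bytes left before make().
func readField(r *bytes.Reader) ([]byte, error) {
	n, err := readCompactSize(r)
	if err != nil || n > uint64(r.Len()) {
		return nil, errBadLen
	}
	buf := make([]byte, n)
	_, err = io.ReadFull(r, buf)
	return buf, err
}

func main() {
	fmt.Println(parseUint32LE([]byte{0x01}))                               // constructed 1-byte value
	fmt.Println(readField(bytes.NewReader(bytes.Repeat([]byte{0xff}, 9)))) // constructed length 2^64-1
}
```

Both constructed inputs return `errBadLen` instead of panicking; a streaming reader with no known remaining length would need a fixed upper bound in place of the `r.Len()` check.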