diff options
| author | Felix Lange <fjl@twurst.com> | 2015-04-14 06:54:12 +0800 |
|---|---|---|
| committer | Felix Lange <fjl@twurst.com> | 2015-04-17 20:45:09 +0800 |
| commit | 2750ec47b7e7ff864eaed72255581e11080907d7 (patch) | |
| tree | df5ead8b41b4dbb49b990a59f4d41bd4422da787 /rlp/decode_test.go | |
| parent | 56a48101dc3dd96587915a5d7882f9d46ecc6ae9 (diff) | |
| download | go-tangerine-2750ec47b7e7ff864eaed72255581e11080907d7.tar.gz go-tangerine-2750ec47b7e7ff864eaed72255581e11080907d7.tar.zst go-tangerine-2750ec47b7e7ff864eaed72255581e11080907d7.zip | |
rlp: fix integer overflow in list element size validation
It is not safe to add anything to s.size.
Diffstat (limited to 'rlp/decode_test.go')
| -rw-r--r-- | rlp/decode_test.go | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/rlp/decode_test.go b/rlp/decode_test.go index 6b37ab0ad..a64bfe3fd 100644 --- a/rlp/decode_test.go +++ b/rlp/decode_test.go @@ -112,6 +112,9 @@ func TestStreamErrors(t *testing.T) { {"BFFFFFFFFFFFFFFFFFFF", calls{"Bytes"}, nil, ErrValueTooLarge}, {"C801", calls{"List"}, nil, ErrValueTooLarge}, + // Test for list element size check overflow. + {"CD04040404FFFFFFFFFFFFFFFFFF0303", calls{"List", "Uint", "Uint", "Uint", "Uint", "List"}, nil, ErrElemTooLarge}, + // Test for input limit overflow. Since we are counting the limit // down toward zero in Stream.remaining, reading too far can overflow // remaining to a large value, effectively disabling the limit. |