Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto/types: fix negative index accesses in CompactUnmarshal,GetIndex,SetIndex #9196

Merged
merged 4 commits into from
Apr 26, 2021
Merged

crypto/types: fix negative index accesses in CompactUnmarshal,GetIndex,SetIndex #9196

merged 4 commits into from
Apr 26, 2021

Conversation

odeke-em
Copy link
Collaborator

Fixes unchecked negative index access that'd cause panics, in CompactBitArray's:

  • CompactUnmarshal, which blindly used the result of binary.Uvarint
  • GetIndex
  • SetIndex

Fixes #9164
Fixes #9165

/cc @cuonglm, we'll need to write fuzz passes to ensure that these code paths don't regress.

Before we can merge this PR, please make sure that all the following items have been
checked off. If any of the checklist items are not applicable, please leave them but
write a little note why.

  • Targeted PR against correct branch (see CONTRIBUTING.md)
  • Linked to Github issue with discussion and accepted design OR link to spec that describes this work.
  • Code follows the module structure standards.
  • Wrote unit and integration tests
  • Updated relevant documentation (docs/) or specification (x/<module>/spec/)
  • Added relevant godoc comments.
  • Added a relevant changelog entry to the Unreleased section in CHANGELOG.md
  • Re-reviewed Files changed in the Github PR explorer
  • Review Codecov Report in the comment section below once CI passes

@odeke-em
crypto/types: fix negative index accesses in CompactUnmarshal,GetInde…
11e28fa 
…x,SetIndex

Fixes unchecked negative index access that'd cause panics, in CompactBitArray's:
* CompactUnmarshal, which blindly used the result of binary.Uvarint
* GetIndex
* SetIndex

Fixes #9164
Fixes #9165
@codecov
Copy link

codecov bot commented Apr 24, 2021
edited
Loading

Codecov Report

Merging #9196 (8bc4f9d) into master (1f78008) will increase coverage by 0.00%.
The diff coverage is 100.00%.

Impacted file tree graph

@@           Coverage Diff           @@
##           master    #9196   +/-   ##
=======================================
  Coverage   59.70%   59.71%           
=======================================
  Files         595      595           
  Lines       37315    37317    +2     
=======================================
+ Hits        22279    22283    +4     
+ Misses      13057    13056    -1     
+ Partials     1979     1978    -1
Impacted Files Coverage Δ
crypto/types/compact_bit_array.go 77.77% <100.00%> (+2.12%) ⬆️

@cuonglm cuonglm mentioned this pull request Apr 26, 2021
Merged
9 tasks
@tac0turtle tac0turtle added the A:automerge Automatically merge PR once all prerequisites pass. label Apr 26, 2021
@tac0turtle
Copy link
Member

@odeke-em can you enable maintainers to modify the PR. This will allow the mergify bot to handle merging this PR

@odeke-em
Copy link
Collaborator Author

Thanks for the reviews and approvals @alessio @cuonglm @AmauryM @marbar3778! @marbar3778 am not sure how to enable that but the branch got out of date from changes on the master branch, and auto merge has been applied before in other PRs of mine.

@mergify mergify bot merged commit 49bf077 into cosmos:master Apr 26, 2021
@odeke-em odeke-em deleted the crypto-types-CompactBitArray-fix-negative-index-access branch April 26, 2021 16:47
odeke-em pushed a commit that referenced this pull request Apr 26, 2021
fuzz/crypto: add {Get,Set}Index to compactbitarray fuzzing (#9200)
eeefaf9 
Updates #7921
Depends on #9196
odeke-em pushed a commit that referenced this pull request Jul 22, 2021
@odeke-em
fuzz/crypto: add {Get,Set}Index to compactbitarray fuzzing (#9200)
6078c17 
Updates #7921
Depends on #9196
odeke-em pushed a commit that referenced this pull request Jul 28, 2021
@odeke-em
fuzz/crypto: add {Get,Set}Index to compactbitarray fuzzing (#9200)
6d520a2 
Updates #7921
Depends on #9196
odeke-em pushed a commit that referenced this pull request Mar 30, 2022
@odeke-em
fuzz/crypto: add {Get,Set}Index to compactbitarray fuzzing (#9200)
92c5763 
Updates #7921
Depends on #9196
elias-orijtech pushed a commit to elias-orijtech/cosmos-sdk that referenced this pull request Apr 11, 2022
@elias-orijtech
fuzz/crypto: add {Get,Set}Index to compactbitarray fuzzing (cosmos#9200)
4faf04a 
Updates cosmos#7921
Depends on cosmos#9196
elias-orijtech pushed a commit to elias-orijtech/cosmos-sdk that referenced this pull request May 6, 2022
@elias-orijtech
fuzz/crypto: add {Get,Set}Index to compactbitarray fuzzing (cosmos#9200)
c642b33 
Updates cosmos#7921
Depends on cosmos#9196
odeke-em pushed a commit that referenced this pull request Jun 4, 2022
@odeke-em
fuzz/crypto: add {Get,Set}Index to compactbitarray fuzzing (#9200)
03652f9 
Updates #7921
Depends on #9196
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alessio alessio alessio approved these changes

@amaury1093 amaury1093 amaury1093 approved these changes

@cuonglm cuonglm cuonglm approved these changes

@tac0turtle tac0turtle tac0turtle approved these changes

@aaronc aaronc Awaiting requested review from aaronc

@alexanderbez alexanderbez Awaiting requested review from alexanderbez

Assignees
No one assigned
Labels
A:automerge Automatically merge PR once all prerequisites pass.
Projects
None yet
Milestone
No milestone
5 participants
@odeke-em @tac0turtle @alessio @amaury1093 @cuonglm