Onyx-Protocol / Onyx

Onyx

Home Page: https://Onyx.org

protocol/vm: slice bounds out of range

jbowens opened this issue

Fuzz testing found a slice bounds out of range while parsing vm opcodes.

Here's the hex-encoded transaction:
https://gist.githubusercontent.com/jbowens/91a16bdf36b0086f15038b5b9358d5fd/raw/e0939c22912e781832db206216374a725d24de04/fuzz_vm

And the stack trace:

panic: runtime error: slice bounds out of range

goroutine 1 [running]:
chain/protocol/vm.ParseOp(0xc42009c4d6, 0x6d, 0x1b5, 0x47, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x0)
	/var/folders/df/tll2ynl125z01jxszx2fq2nw0000gn/T/go-fuzz-build220052245/src/chain/protocol/vm/ops.go:420 +0xbed
chain/protocol/vm.Disassemble(0xc42009c4d6, 0x6d, 0x1b5, 0x0, 0x20, 0x1052cb2, 0xc4200ce210)
	/var/folders/df/tll2ynl125z01jxszx2fq2nw0000gn/T/go-fuzz-build220052245/src/chain/protocol/vm/assemble.go:127 +0x153
chain/protocol/vm.Error.Error(0x1256520, 0xc42007a420, 0xc42009c4d6, 0x6d, 0x1b5, 0xc420018120, 0x3, 0x4, 0x10af489, 0xc4200ae100)
	/var/folders/df/tll2ynl125z01jxszx2fq2nw0000gn/T/go-fuzz-build220052245/src/chain/protocol/vm/vm.go:226 +0x75
chain/protocol/vm.(*Error).Error(0xc420012380, 0x18, 0xc4200ce318)
	<autogenerated>:2 +0x5c
chain/errors.wrap(0x1256720, 0xc420012380, 0xc42000afa0, 0x18, 0x1, 0xc4200cea18, 0xc42000e620)
	/var/folders/df/tll2ynl125z01jxszx2fq2nw0000gn/T/go-fuzz-build220052245/src/chain/errors/errors.go:51 +0x301
chain/errors.Wrap(0x1256720, 0xc420012380, 0xc4200cea28, 0x1, 0x1, 0x3, 0x4)
	/var/folders/df/tll2ynl125z01jxszx2fq2nw0000gn/T/go-fuzz-build220052245/src/chain/errors/errors.go:70 +0xce
chain/protocol/validation.checkValid(0xc4200cf450, 0x1257bc0, 0xc4200141e0, 0xc420001638, 0x1)
	/var/folders/df/tll2ynl125z01jxszx2fq2nw0000gn/T/go-fuzz-build220052245/src/chain/protocol/validation/validation.go:268 +0x3cd6
chain/protocol/validation.checkValidSrc(0xc420018240, 0xc42000a5e0, 0x0, 0xc42000a600)
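
The trace above shows the panic in ParseOp being reached through Disassemble from Error.Error, that is, while an error message for an already rejected program was being formatted. The following Go sketch is an added example, not code from this repository: it shows an opcode parser that checks every length before slicing and a disassembler that prints a malformed tail as hex instead of parsing it. The opcode value, the 4-byte length encoding, `ErrShortProgram` and the function signatures are assumptions made for illustration; only the names ParseOp and Disassemble echo the trace.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

// opPushData is hypothetical: a 4-byte little-endian length and that many data bytes follow.
const opPushData = 0x4e
var ErrShortProgram = errors.New("program ends inside an instruction")

// ParseOp decodes the instruction at prog[pc]: opcode, push data, encoded size.
func ParseOp(prog []byte, pc int) (byte, []byte, int, error) {
	if pc < 0 || pc >= len(prog) {
		return 0, nil, 0, ErrShortProgram
	}
	op, rest := prog[pc], prog[pc+1:]
	if op != opPushData {
		return op, nil, 1, nil
	}
	if len(rest) < 4 {
		return op, nil, 0, ErrShortProgram // length field itself is truncated
	}
	n := uint64(binary.LittleEndian.Uint32(rest))
	// Compare with the bytes that remain; no pc+n sum that could wrap around.
	if n > uint64(len(rest)-4) {
		return op, nil, 0, ErrShortProgram
	}
	return op, rest[4 : 4+int(n)], 5 + int(n), nil
}

// Disassemble is safe on the error-formatting path: a malformed tail is shown as raw hex.
func Disassemble(prog []byte) string {
	var out []string
	for pc := 0; pc < len(prog); {
		op, data, size, err := ParseOp(prog, pc)
		if err != nil {
			out = append(out, fmt.Sprintf("<bad %x>", prog[pc:]))
			break
		}
		out = append(out, fmt.Sprintf("%02x[%x]", op, data))
		pc += size
	}
	return strings.Join(out, " ")
}

// Constructed input: one plain opcode, then a push claiming 0xffffffff bytes with 1 present.
func main() { fmt.Println(Disassemble([]byte{0x51, 0x4e, 0xff, 0xff, 0xff, 0xff, 0x01})) }
```

A fuzz target over `Disassemble` with arbitrary byte slices as input is the natural regression check for this class of panic.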