Read out of bounds in main.cpp:3462 #1924

issue wizeman opened this issue on October 12, 2012
  1. wizeman commented at 7:03 PM on October 12, 2012: contributor

    I believe that main.cpp in line 3462 is reading a static buffer out of bounds:

    3461 const char* pszDummy = "\0\0";
    3462 CScript scriptDummy(std::vector<unsigned char>(pszDummy, pszDummy + sizeof(pszDummy)));

    sizeof(pszDummy) happens to be 8 on a 64-bit environment, and I think the std::vector constructor ends up reading 8 bytes starting from pszDummy, even though this character array contains 3 bytes (the two zero bytes plus the terminating NULL).

    I suppose line 3461 was intended to be this instead:

    3461 const char pszDummy[] = "\0\0";

    However, sizeof(pszDummy) would return 3 now, which includes the terminating NULL, and I do not know whether it was intended for scriptDummy to include all 3 characters or only the 2 zeros...

  2. luke-jr commented at 7:06 PM on October 12, 2012: member

    I think you're right - but it shouldn't have any real effect. The dummy is just used to get past the "coinbase must be at least 2 bytes long" check, and is replaced before anything really uses it anyway.

  3. laanwj commented at 9:42 PM on October 12, 2012: member

    Good catch!

    It's supposed to be simply a two-byte sized zero buffer. There's no need for it to be a zero-terminated string. So let's use

    const char pszDummy[] = {0,0};
    
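The three variants discussed in this thread side by side, as an added illustration that is not code from the issue or from Bitcoin Core: the original pointer form, where `sizeof` yields the pointer size rather than the literal's length; wizeman's array form; and laanwj's plain two-byte buffer. The buggy variant only reports the requested versus available byte counts instead of performing the out-of-bounds copy.

```cpp
#include <cstddef>
#include <vector>

// Requested vs. actually available bytes for the original line 3461/3462.
struct DummyInfo {
    std::size_t requested;  // bytes the vector constructor would copy
    std::size_t available;  // bytes the string literal really occupies
};

// Original code: pszDummy is a pointer, so sizeof(pszDummy) is the pointer
// size (8 on a 64-bit build, 4 on 32-bit), not the size of "\0\0".
// The vector is deliberately not constructed here, because
// std::vector(pszDummy, pszDummy + sizeof(pszDummy)) would read past the literal.
DummyInfo buggy_request() {
    const char* pszDummy = "\0\0";
    return { sizeof(pszDummy), sizeof("\0\0") };  // literal is 3 bytes incl. terminator
}

// wizeman's suggestion: an array, so sizeof() is the object size. That is 3 bytes,
// because the string literal carries an implicit terminating NUL.
std::vector<unsigned char> array_literal_dummy() {
    const char pszDummy[] = "\0\0";
    return std::vector<unsigned char>(pszDummy, pszDummy + sizeof(pszDummy));
}

// laanwj's fix: a two-byte zero buffer with no terminator involved at all.
std::vector<unsigned char> two_byte_dummy() {
    const char pszDummy[] = {0, 0};
    return std::vector<unsigned char>(pszDummy, pszDummy + sizeof(pszDummy));
}

// Stand-in for the "coinbase must be at least 2 bytes long" check luke-jr
// mentions; the dummy only needs to satisfy this minimum.
bool passes_min_coinbase_length(const std::vector<unsigned char>& script) {
    return script.size() >= 2;
}
```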
  4. laanwj referenced this in commit a93879ad2d on Oct 12, 2012
  5. laanwj referenced this in commit 683dde56dc on Oct 12, 2012
  6. laanwj referenced this in commit a0ef4e1ee9 on Oct 12, 2012
  7. laanwj referenced this in commit 3b99283e3a on Oct 24, 2012
  8. laanwj referenced this in commit 4fbad9124e on Oct 24, 2012
  9. laanwj referenced this in commit 1f7c5c5a3e on Oct 25, 2012
  10. laanwj closed this on Oct 25, 2012

  11. burger2 referenced this in commit 20e89c509e on Nov 21, 2012
  12. laanwj referenced this in commit 3e72516398 on Dec 10, 2012
  13. laudney referenced this in commit 20208a820a on Mar 19, 2014
  14. laudney referenced this in commit 5d3028dd11 on Mar 19, 2014
  15. KolbyML referenced this in commit 65c493313e on Dec 5, 2020
  16. MarcoFalke locked this on Sep 8, 2021

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-13 18:16 UTC
