From 7180699d401e64b52447ccb2cfb33004b7deb672 Mon Sep 17 00:00:00 2001
From: Felix Lange <fjl@twurst.com>
Date: Fri, 17 Apr 2015 03:11:24 +0200
Subject: [PATCH] rlp: require declared number of input elements for array
 types

---
 rlp/decode.go      | 40 +++++++++++++++-------------------------
 rlp/decode_test.go | 26 +++++++++++---------------
 2 files changed, 26 insertions(+), 40 deletions(-)

diff --git a/rlp/decode.go b/rlp/decode.go
index 97eacf64b..6952ecaea 100644
--- a/rlp/decode.go
+++ b/rlp/decode.go
@@ -59,7 +59,9 @@ type Decoder interface {
 //
 // To decode into a slice, the input must be a list and the resulting
 // slice will contain the input elements in order. For byte slices,
-// the input must be an RLP string.
+// the input must be an RLP string. Array types decode similarly, with
+// the additional restriction that the number of input elements (or
+// bytes) must match the array's length.
 //
 // To decode into a Go string, the input must be an RLP string. The
 // input bytes are taken as-is and will not necessarily be valid UTF-8.
@@ -279,19 +281,10 @@ func decodeListSlice(s *Stream, val reflect.Value, elemdec decoder) error {
 }
 
 func decodeListArray(s *Stream, val reflect.Value, elemdec decoder) error {
-	size, err := s.List()
+	_, err := s.List()
 	if err != nil {
 		return wrapStreamError(err, val.Type())
 	}
-	if size == 0 {
-		zero(val, 0)
-		return s.ListEnd()
-	}
-
-	// The approach here is stolen from package json, although we differ
-	// in the semantics for arrays. package json discards remaining
-	// elements that would not fit into the array. We generate an error in
-	// this case because we'd be losing information.
 	vlen := val.Len()
 	i := 0
 	for ; i < vlen; i++ {
@@ -302,7 +295,7 @@ func decodeListArray(s *Stream, val reflect.Value, elemdec decoder) error {
 		}
 	}
 	if i < vlen {
-		zero(val, i)
+		return &decodeError{msg: "input list has too few elements", typ: val.Type()}
 	}
 	return wrapStreamError(s.ListEnd(), val.Type())
 }
@@ -321,23 +314,28 @@ func decodeByteArray(s *Stream, val reflect.Value) error {
 	if err != nil {
 		return err
 	}
+	vlen := val.Len()
 	switch kind {
 	case Byte:
-		if val.Len() == 0 {
+		if vlen == 0 {
 			return &decodeError{msg: "input string too long", typ: val.Type()}
 		}
+		if vlen > 1 {
+			return &decodeError{msg: "input string too short", typ: val.Type()}
+		}
 		bv, _ := s.Uint()
 		val.Index(0).SetUint(bv)
-		zero(val, 1)
 	case String:
-		if uint64(val.Len()) < size {
+		if uint64(vlen) < size {
 			return &decodeError{msg: "input string too long", typ: val.Type()}
 		}
-		slice := val.Slice(0, int(size)).Interface().([]byte)
+		if uint64(vlen) > size {
+			return &decodeError{msg: "input string too short", typ: val.Type()}
+		}
+		slice := val.Slice(0, vlen).Interface().([]byte)
 		if err := s.readFull(slice); err != nil {
 			return err
 		}
-		zero(val, int(size))
 		// Reject cases where single byte encoding should have been used.
 		if size == 1 && slice[0] < 56 {
 			return wrapStreamError(ErrCanonSize, val.Type())
@@ -348,14 +346,6 @@ func decodeByteArray(s *Stream, val reflect.Value) error {
 	return nil
 }
 
-func zero(val reflect.Value, start int) {
-	z := reflect.Zero(val.Type().Elem())
-	end := val.Len()
-	for i := start; i < end; i++ {
-		val.Index(i).Set(z)
-	}
-}
-
 func makeStructDecoder(typ reflect.Type) (decoder, error) {
 	fields, err := structFields(typ)
 	if err != nil {
diff --git a/rlp/decode_test.go b/rlp/decode_test.go
index 0b69ff1f4..d07520bd0 100644
--- a/rlp/decode_test.go
+++ b/rlp/decode_test.go
@@ -290,11 +290,6 @@ var (
 	)
 )
 
-var (
-	sharedByteArray [5]byte
-	sharedPtr       = new(*uint)
-)
-
 var decodeTests = []decodeTest{
 	// integers
 	{input: "05", ptr: new(uint32), value: uint32(5)},
@@ -315,11 +310,16 @@ var decodeTests = []decodeTest{
 	{input: "F8020004", ptr: new([]uint), error: "rlp: non-canonical size information for []uint"},
 
 	// arrays
-	{input: "C0", ptr: new([5]uint), value: [5]uint{}},
 	{input: "C50102030405", ptr: new([5]uint), value: [5]uint{1, 2, 3, 4, 5}},
+	{input: "C0", ptr: new([5]uint), error: "rlp: input list has too few elements for [5]uint"},
+	{input: "C102", ptr: new([5]uint), error: "rlp: input list has too few elements for [5]uint"},
 	{input: "C6010203040506", ptr: new([5]uint), error: "rlp: input list has too many elements for [5]uint"},
 	{input: "F8020004", ptr: new([5]uint), error: "rlp: non-canonical size information for [5]uint"},
 
+	// zero sized arrays
+	{input: "C0", ptr: new([0]uint), value: [0]uint{}},
+	{input: "C101", ptr: new([0]uint), error: "rlp: input list has too many elements for [0]uint"},
+
 	// byte slices
 	{input: "01", ptr: new([]byte), value: []byte{1}},
 	{input: "80", ptr: new([]byte), value: []byte{}},
@@ -328,21 +328,17 @@ var decodeTests = []decodeTest{
 	{input: "8105", ptr: new([]byte), error: "rlp: non-canonical size information for []uint8"},
 
 	// byte arrays
-	{input: "01", ptr: new([5]byte), value: [5]byte{1}},
-	{input: "80", ptr: new([5]byte), value: [5]byte{}},
+	{input: "02", ptr: new([1]byte), value: [1]byte{2}},
 	{input: "850102030405", ptr: new([5]byte), value: [5]byte{1, 2, 3, 4, 5}},
 
 	// byte array errors
+	{input: "02", ptr: new([5]byte), error: "rlp: input string too short for [5]uint8"},
+	{input: "80", ptr: new([5]byte), error: "rlp: input string too short for [5]uint8"},
+	{input: "820000", ptr: new([5]byte), error: "rlp: input string too short for [5]uint8"},
 	{input: "C0", ptr: new([5]byte), error: "rlp: expected input string or byte for [5]uint8"},
 	{input: "C3010203", ptr: new([5]byte), error: "rlp: expected input string or byte for [5]uint8"},
 	{input: "86010203040506", ptr: new([5]byte), error: "rlp: input string too long for [5]uint8"},
-	{input: "8105", ptr: new([5]byte), error: "rlp: non-canonical size information for [5]uint8"},
-
-	// byte array reuse (should be zeroed)
-	{input: "850102030405", ptr: &sharedByteArray, value: [5]byte{1, 2, 3, 4, 5}},
-	{input: "01", ptr: &sharedByteArray, value: [5]byte{1}}, // kind: String
-	{input: "850102030405", ptr: &sharedByteArray, value: [5]byte{1, 2, 3, 4, 5}},
-	{input: "01", ptr: &sharedByteArray, value: [5]byte{1}}, // kind: Byte
+	{input: "8105", ptr: new([1]byte), error: "rlp: non-canonical size information for [1]uint8"},
 
 	// zero sized byte arrays
 	{input: "80", ptr: new([0]byte), value: [0]byte{}},
-- 
GitLab