cmd/disasm: fix array-out-of-bounds error (#3491)

1 files changed, 8 insertions, 4 deletions

diff --git a/cmd/disasm/main.go b/cmd/disasm/main.go
index 41cad0231..e6a9a6676 100644
--- a/cmd/disasm/main.go
+++ b/cmd/disasm/main.go
@@ -42,15 +42,19 @@ func main() {
 
 	for pc := uint64(0); pc < uint64(len(code)); pc++ {
 		op := vm.OpCode(code[pc])
-		fmt.Printf("%-5d  %v", pc, op)
 
 		switch op {
 		case vm.PUSH1, vm.PUSH2, vm.PUSH3, vm.PUSH4, vm.PUSH5, vm.PUSH6, vm.PUSH7, vm.PUSH8, vm.PUSH9, vm.PUSH10, vm.PUSH11, vm.PUSH12, vm.PUSH13, vm.PUSH14, vm.PUSH15, vm.PUSH16, vm.PUSH17, vm.PUSH18, vm.PUSH19, vm.PUSH20, vm.PUSH21, vm.PUSH22, vm.PUSH23, vm.PUSH24, vm.PUSH25, vm.PUSH26, vm.PUSH27, vm.PUSH28, vm.PUSH29, vm.PUSH30, vm.PUSH31, vm.PUSH32:
 			a := uint64(op) - uint64(vm.PUSH1) + 1
-			fmt.Printf("  => %x", code[pc+1:pc+1+a])
-
+			u := pc + 1 + a
+			if uint64(len(code)) <= pc || uint64(len(code)) < u {
+				fmt.Printf("Error: incomplete push instruction at %v\n", pc)
+				return
+			}
+			fmt.Printf("%-5d  %v  => %x\n", pc, op, code[pc+1:u])
 			pc += a
+		default:
+			fmt.Printf("%-5d  %v\n", pc, op)
 		}
-		fmt.Println()
 	}
 }