From 96fd50be10885c9b3033404df698177fdb63d036 Mon Sep 17 00:00:00 2001 From: Martin Holst Swende Date: Mon, 1 Oct 2018 14:17:37 +0200 Subject: accounts/abi: fix panic in MethodById lookup. Fixes #17797 (#17798) --- accounts/abi/abi.go | 3 +++ accounts/abi/abi_test.go | 11 ++++++++++- 2 files changed, 13 insertions(+), 1 deletion(-) (limited to 'accounts') diff --git a/accounts/abi/abi.go b/accounts/abi/abi.go index 254b1f7fb..535e5d78b 100644 --- a/accounts/abi/abi.go +++ b/accounts/abi/abi.go @@ -137,6 +137,9 @@ func (abi *ABI) UnmarshalJSON(data []byte) error { // MethodById looks up a method by the 4-byte id // returns nil if none found func (abi *ABI) MethodById(sigdata []byte) (*Method, error) { + if len(sigdata) < 4 { + return nil, fmt.Errorf("data too short (% bytes) for abi method lookup", len(sigdata)) + } for _, method := range abi.Methods { if bytes.Equal(method.Id(), sigdata[:4]) { return &method, nil diff --git a/accounts/abi/abi_test.go b/accounts/abi/abi_test.go index 8018df775..59ba79cb6 100644 --- a/accounts/abi/abi_test.go +++ b/accounts/abi/abi_test.go @@ -711,5 +711,14 @@ func TestABI_MethodById(t *testing.T) { t.Errorf("Method %v (id %v) not 'findable' by id in ABI", name, common.ToHex(m.Id())) } } - + // Also test empty + if _, err := abi.MethodById([]byte{0x00}); err == nil { + t.Errorf("Expected error, too short to decode data") + } + if _, err := abi.MethodById([]byte{}); err == nil { + t.Errorf("Expected error, too short to decode data") + } + if _, err := abi.MethodById(nil); err == nil { + t.Errorf("Expected error, nil is short to decode data") + } } -- cgit v1.2.3