fix: fix fuzz findings

Biglup · Nov 29, 2024 · 1ba6a6f · 1ba6a6f
1 parent b08fc43
commit 1ba6a6f
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 5 deletions.
diff --git a/lib/src/cbor/cbor_reader/cbor_reader_collections.c b/lib/src/cbor/cbor_reader/cbor_reader_collections.c
@@ -217,17 +217,18 @@ _cbor_reader_read_indefinite_length_concatenated(cardano_cbor_reader_t* reader,
 
   cardano_buffer_t* concat = cardano_buffer_new(INITIAL_CONCAT_BUFFER_CAPACITY);
 
-  if ((concat == NULL) || (cardano_buffer_get_size(data) == 0U))
+  size_t       i    = HEADER_BYTE_SIZE;
+  const size_t size = cardano_buffer_get_size(data);
+
+  if ((concat == NULL) || (size <= HEADER_BYTE_SIZE))
   {
     cardano_buffer_unref(&data);
     cardano_buffer_unref(&concat);
 
     return CARDANO_ERROR_DECODING;
   }
 
-  size_t       i            = HEADER_BYTE_SIZE;
-  byte_t       initial_byte = cardano_buffer_get_data(data)[i];
-  const size_t size         = cardano_buffer_get_size(data);
+  byte_t initial_byte = cardano_buffer_get_data(data)[i];
 
   while (initial_byte != CBOR_INITIAL_BYTE_INDEFINITE_LENGTH_BREAK)
   {
@@ -236,7 +237,7 @@ _cbor_reader_read_indefinite_length_concatenated(cardano_cbor_reader_t* reader,
 
     cardano_buffer_t* slice = cardano_buffer_slice(data, i, cardano_buffer_get_size(data));
 
-    if (slice == NULL)
+    if ((slice == NULL) || (cardano_buffer_get_size(slice) == 0U))
     {
       cardano_buffer_unref(&data);
       cardano_buffer_unref(&concat);

diff --git a/lib/src/transaction_body/transaction_output.c b/lib/src/transaction_body/transaction_output.c
@@ -179,7 +179,13 @@ cardano_transaction_output_from_cbor(cardano_cbor_reader_t* reader, cardano_tran
 
       if (peek_result != CARDANO_SUCCESS)
       {
+        cardano_address_unref(&address);
+        cardano_value_unref(&value);
+        cardano_datum_unref(&datum);
+        cardano_script_unref(&script_ref);
+
         *transaction_output = NULL;
+
         return peek_result;
       }
 
@@ -194,6 +200,11 @@ cardano_transaction_output_from_cbor(cardano_cbor_reader_t* reader, cardano_tran
 
       if (read_key_result != CARDANO_SUCCESS)
       {
+        cardano_address_unref(&address);
+        cardano_value_unref(&value);
+        cardano_datum_unref(&datum);
+        cardano_script_unref(&script_ref);
+
         *transaction_output = NULL;
         return read_key_result;
       }
@@ -202,6 +213,7 @@ cardano_transaction_output_from_cbor(cardano_cbor_reader_t* reader, cardano_tran
       {
         case 0U:
         {
+          cardano_address_unref(&address);
           cardano_buffer_t* address_bytes = NULL;
 
           const cardano_error_t read_address_result = cardano_cbor_reader_read_bytestring(reader, &address_bytes);
@@ -232,6 +244,7 @@ cardano_transaction_output_from_cbor(cardano_cbor_reader_t* reader, cardano_tran
         }
         case 1U:
         {
+          cardano_value_unref(&value);
           const cardano_error_t read_value_result = cardano_value_from_cbor(reader, &value);
 
           if (read_value_result != CARDANO_SUCCESS)
@@ -250,6 +263,7 @@ cardano_transaction_output_from_cbor(cardano_cbor_reader_t* reader, cardano_tran
         }
         case 2U:
         {
+          cardano_datum_unref(&datum);
           const cardano_error_t read_datum_result = cardano_datum_from_cbor(reader, &datum);
 
           if (read_datum_result != CARDANO_SUCCESS)
@@ -268,6 +282,7 @@ cardano_transaction_output_from_cbor(cardano_cbor_reader_t* reader, cardano_tran
         }
         case 3U:
         {
+          cardano_script_unref(&script_ref);
           cardano_cbor_tag_t tag;
 
           const cardano_error_t read_tag_result = cardano_cbor_reader_read_tag(reader, &tag);

diff --git a/lib/tests/transaction/transaction.cpp b/lib/tests/transaction/transaction.cpp
@@ -1112,4 +1112,22 @@ TEST(cardano_transaction_has_script_data, returnsFalseIfNoScriptData)
 
   // Cleanup
   cardano_transaction_unref(&transaction);
+}
+
+TEST(cardano_transaction_from_cbor, returnsDecodingErrorIfRepeatedKeyInOutput)
+{
+  // Arrange
+  cardano_transaction_t* transaction = NULL;
+  const char*            cbor        = "9a80820260a30208048010a30108010a30100424008f37086f30088f88fff8f9889898";
+  cardano_cbor_reader_t* reader      = cardano_cbor_reader_from_hex(cbor, strlen(cbor));
+
+  // Act
+  cardano_error_t result = cardano_transaction_from_cbor(reader, &transaction);
+
+  // Assert
+  EXPECT_EQ(result, CARDANO_ERROR_DECODING);
+
+  // Cleanup
+  cardano_cbor_reader_unref(&reader);
+  cardano_transaction_unref(&transaction);
 }