From 71e802c740ee5662de21a71ddfede7c0dea88d3f Mon Sep 17 00:00:00 2001 From: Dustin Brody Date: Thu, 16 Apr 2020 21:21:28 +0200 Subject: [PATCH] harden SSZ reader --- beacon_chain/ssz/bytes_reader.nim | 2 ++ 1 file changed, 2 insertions(+) diff --git a/beacon_chain/ssz/bytes_reader.nim b/beacon_chain/ssz/bytes_reader.nim index b314a8eba..71ff38cc0 100644 --- a/beacon_chain/ssz/bytes_reader.nim +++ b/beacon_chain/ssz/bytes_reader.nim @@ -169,6 +169,8 @@ func readSszValue*(input: openarray[byte], T: type): T = raise newException(MalformedSszError, "SSZ field offsets are not monotonically increasing") elif endOffset > input.len: raise newException(MalformedSszError, "SSZ field offset points past the end of the input") + elif startOffset < boundingOffsets[0]: + raise newException(MalformedSszError, "SSZ field offset points outside bounding offsets") # TODO The extra type escaping here is a work-around for a Nim issue: when type(FieldType) is type(SszType):