consensus, contracts: check input length of ExtractValidatorsFromBytes, close XFN-14 (#1608)

2026-06-19 21:31:37 +00:00 · 2025-10-08 13:16:01 +08:00 · 2025-10-08 13:16:01 +08:00 · c7fb2e875d
commit c7fb2e875d
parent 3efe26df08
4 changed files with 12 additions and 6 deletions
--- a/consensus/XDPoS/engines/engine_v1/utils.go
+++ b/consensus/XDPoS/engines/engine_v1/utils.go
@ -28,7 +28,10 @@ func getM1M2FromCheckpointHeader(checkpointHeader *types.Header, currentHeader *
 	}
 	// Get signers from this block.
 	masternodes := decodeMasternodesFromHeaderExtra(checkpointHeader)
-	validators := utils.ExtractValidatorsFromBytes(checkpointHeader.Validators)
+	validators, err := utils.ExtractValidatorsFromBytes(checkpointHeader.Validators)
+	if err != nil {
+		return map[common.Address]common.Address{}, err
+	}
 	m1m2, _, err := getM1M2(masternodes, validators, currentHeader, config)
 	if err != nil {
 		return map[common.Address]common.Address{}, err
--- a/consensus/XDPoS/utils/utils.go
+++ b/consensus/XDPoS/utils/utils.go
@ -35,7 +35,10 @@ func Hop(len, pre, cur int) int {
 }

 // Extract validators from byte array.
-func ExtractValidatorsFromBytes(byteValidators []byte) []int64 {
+func ExtractValidatorsFromBytes(byteValidators []byte) ([]int64, error) {
+	if len(byteValidators)%M2ByteLength != 0 {
+		return []int64{}, fmt.Errorf("invalid byte array length %d for validators", len(byteValidators))
+	}
 	lenValidator := len(byteValidators) / M2ByteLength
 	var validators []int64
 	for i := 0; i < lenValidator; i++ {
@ -43,12 +46,12 @@ func ExtractValidatorsFromBytes(byteValidators []byte) []int64 {
 		intNumber, err := strconv.Atoi(string(trimByte))
 		if err != nil {
 			log.Error("Can not convert string to integer", "error", err)
-			return []int64{}
+			return []int64{}, fmt.Errorf("can not convert string %s to integer: %v", string(trimByte), err)
 		}
 		validators = append(validators, int64(intNumber))
 	}

-	return validators
+	return validators, nil
 }

 // compare 2 signers lists
--- a/contracts/utils.go
+++ b/contracts/utils.go
@ -292,7 +292,7 @@ func DecodeValidatorsHexData(validatorsStr string) ([]int64, error) {
 		return nil, err
 	}

-	return utils.ExtractValidatorsFromBytes(validatorsByte), nil
+	return utils.ExtractValidatorsFromBytes(validatorsByte)
 }

 // Decrypt randomize from secrets and opening.
--- a/contracts/utils_test.go
+++ b/contracts/utils_test.go
@ -188,7 +188,7 @@ func TestGenM2FromRandomize(t *testing.T) {
 func TestBuildValidatorFromM2(t *testing.T) {
 	a := []int64{84, 58, 27, 96, 127, 60, 136, 20, 121, 31, 87, 85, 40, 120, 149, 109, 141, 145, 11, 110, 147, 35, 76, 46, 34, 108, 72, 103, 102, 12, 23, 47, 70, 86, 125, 112, 128, 13, 130, 98, 126, 62, 132, 111, 134, 6, 106, 67, 24, 91, 101, 50, 94, 43, 77, 73, 129, 71, 51, 10, 92, 29, 80, 95, 33, 100, 124, 75, 38, 133, 79, 83, 61, 36, 122, 99, 16, 28, 18, 116, 140, 97, 119, 82, 148, 48, 56, 32, 93, 107, 69, 68, 123, 81, 22, 137, 25, 115, 44, 8, 42, 131, 143, 17, 55, 89, 9, 15, 19, 59, 146, 54, 5, 30, 41, 144, 117, 1, 104, 49, 105, 45, 88, 78, 74, 135, 0, 21, 57, 3, 66, 52, 63, 138, 4, 114, 37, 118, 14, 2, 26, 7, 65, 139, 39, 64, 90, 142, 53, 113}
 	b := BuildValidatorFromM2(a)
-	c := utils.ExtractValidatorsFromBytes(b)
+	c, _ := utils.ExtractValidatorsFromBytes(b)
 	if !isArrayEqual([][]int64{a}, [][]int64{c}) {
 		t.Errorf("Fail to get m2 result %v", b)
 	}