Merge #19508: Work around memory-aliasing in descriptor ParsePubkey

MarcoFalke · MarcoFalke · commit 31d2b4098a9e · 2020-07-26T19:01:51.000+02:00
fa2ae0a span: Add Span::empty() and use it in script/descriptor (MarcoFalke) fa8a992 Work around memory-aliasing in descriptor ParsePubkey (MarcoFalke) Pull request description: While this is not undefined behaviour, the memory aliasing trick is confusing when reading the code. Having `a.size()==0` and then access `a[0]` works in this particular case, but should probably be avoided to harden the code for the future. ACKs for top commit: theStack: re-ACK bitcoin/bitcoin@fa2ae0a elichai: ACK fa2ae0a jonatack: ACK fa2ae0a Tree-SHA512: 0ec7b09eef45504973a195923cdf1aa8522117c8e2f69b453e5ce9aa8a7e327c71138518022c32d05133dc99cb861101ed0f60fa891814ee3e9dab3a6fa61a84
diff --git a/src/script/descriptor.cpp b/src/script/descriptor.cpp
@@ -825,8 +825,9 @@ std::unique_ptr<PubkeyProvider> ParsePubkey(uint32_t key_exp_index, const Span<c
         return nullptr;
     }
     if (origin_split.size() == 1) return ParsePubkeyInner(key_exp_index, origin_split[0], permit_uncompressed, out, error);
-    if (origin_split[0].size() < 1 || origin_split[0][0] != '[') {
-        error = strprintf("Key origin start '[ character expected but not found, got '%c' instead", origin_split[0][0]);
+    if (origin_split[0].empty() || origin_split[0][0] != '[') {
+        error = strprintf("Key origin start '[ character expected but not found, got '%c' instead",
+                          origin_split[0].empty() ? /** empty, implies split char */ ']' : origin_split[0][0]);
         return nullptr;
     }
     auto slash_split = Split(origin_split[0].subspan(1), '/');
@@ -896,7 +897,7 @@ std::unique_ptr<DescriptorImpl> ParseScript(uint32_t key_exp_index, Span<const c
             providers.emplace_back(std::move(pk));
             key_exp_index++;
         }
-        if (providers.size() < 1 || providers.size() > 16) {
+        if (providers.empty() || providers.size() > 16) {
             error = strprintf("Cannot have %u keys in multisig; must have between 1 and 16 keys, inclusive", providers.size());
             return nullptr;
         } else if (thres < 1) {
diff --git a/src/span.h b/src/span.h
@@ -151,6 +151,7 @@ class Span
         return m_data[m_size - 1];
     }
     constexpr std::size_t size() const noexcept { return m_size; }
+    constexpr bool empty() const noexcept { return size() == 0; }
     CONSTEXPR_IF_NOT_DEBUG C& operator[](std::size_t pos) const noexcept
     {
         ASSERT_IF_DEBUG(size() > pos);

Original file line number	Diff line number	Diff line change
`@@ -151,6 +151,7 @@ class Span`
`151`	`151`	`return m_data[m_size - 1];`
`152`	`152`	`}`
`153`	`153`	`constexpr std::size_t size() const noexcept { return m_size; }`
	`154`	`+ constexpr bool empty() const noexcept { return size() == 0; }`
`154`	`155`	`CONSTEXPR_IF_NOT_DEBUG C& operator[](std::size_t pos) const noexcept`
`155`	`156`	`{`
`156`	`157`	`ASSERT_IF_DEBUG(size() > pos);`