NewScriptPubkey: fix panic on empty scriptPubKey

starius · starius · commit 91b37dc6b4bb · 2025-11-07T01:25:50.000-03:00
If scriptPubKey is empty, we can't get &amp;scriptPubKey[0] from it.
diff --git a/kernel/script_pubkey.go b/kernel/script_pubkey.go
@@ -35,7 +35,11 @@ func newScriptPubkey(ptr *C.btck_ScriptPubkey, fromOwned bool) *ScriptPubkey {
 // Parameters:
 //   - rawScriptPubkey: Serialized script pubkey data
 func NewScriptPubkey(rawScriptPubkey []byte) *ScriptPubkey {
-	ptr := C.btck_script_pubkey_create(unsafe.Pointer(&rawScriptPubkey[0]), C.size_t(len(rawScriptPubkey)))
+	var buf unsafe.Pointer
+	if len(rawScriptPubkey) > 0 {
+		buf = unsafe.Pointer(&rawScriptPubkey[0])
+	}
+	ptr := C.btck_script_pubkey_create(buf, C.size_t(len(rawScriptPubkey)))
 	return newScriptPubkey(check(ptr), true)
 }
 
diff --git a/kernel/script_pubkey_test.go b/kernel/script_pubkey_test.go
@@ -32,6 +32,53 @@ func TestScriptPubkeyFromRaw(t *testing.T) {
 	}
 }
 
+func TestScriptPubkeyEmpty(t *testing.T) {
+	tests := []struct {
+		name string
+		data []byte
+	}{
+		{name: "nil slice", data: nil},
+		{name: "empty slice", data: []byte{}},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			scriptPubkey := NewScriptPubkey(tt.data)
+			if scriptPubkey == nil {
+				t.Fatal("ScriptPubkey is nil")
+			}
+			defer scriptPubkey.Destroy()
+
+			bytes, err := scriptPubkey.Bytes()
+			if err != nil {
+				t.Fatalf("ScriptPubkey.Bytes() error = %v", err)
+			}
+			if len(bytes) != 0 {
+				t.Fatalf("Expected empty script serialization, got %x", bytes)
+			}
+
+			// Minimal coinbase-style transaction with a single empty scriptSig and
+			// zero-value output; used to trigger verification paths.
+			txHex := "01000000010000000000000000000000000000000000000000000000000000000000000000ffffffff00ffffffff0100000000000000000000000000"
+			txBytes, err := hex.DecodeString(txHex)
+			if err != nil {
+				t.Fatalf("Failed to decode transaction hex: %v", err)
+			}
+			tx, err := NewTransaction(txBytes)
+			if err != nil {
+				t.Fatalf("Failed to create transaction: %v", err)
+			}
+			defer tx.Destroy()
+
+			var scriptErr *ScriptVerifyError
+			err = scriptPubkey.Verify(0, tx, nil, 0, ScriptFlagsVerifyNone)
+			if err == nil || !errors.As(err, &scriptErr) {
+				t.Fatalf("Expected script verification error for empty script, got %v", err)
+			}
+		})
+	}
+}
+
 func TestScriptPubkeyCopy(t *testing.T) {
 	scriptHex := "76a914389ffce9cd9ae88dcc0631e88a821ffdbe9bfe26158088ac"
 	scriptBytes, err := hex.DecodeString(scriptHex)
