From 38d46e284b8d8b54dc607ac107d32630284185c0 Mon Sep 17 00:00:00 2001
From: yutianwu
Date: Mon, 13 Mar 2023 17:32:40 +0800
Subject: [PATCH 1/2] sec: implement security enhancements
---
 store/statesync_helper.go | 7 +++++++
 types/store.go | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/store/statesync_helper.go b/store/statesync_helper.go
index d2284df18..f879a4023 100644
--- a/store/statesync_helper.go
+++ b/store/statesync_helper.go
@@ -200,6 +200,9 @@ func (helper *StateSyncHelper) WriteRecoveryChunk(hash abci.SHA256Sum, chunk *ab
 return err
 }
 }
+ if numOfNodes == 0 {
+ return fmt.Errorf("length of nodes is 0")
+ }
 nodeIdx := chunk.StartIdx + int64(numOfNodes-1)
 helper.incompleteChunks[nodeIdx] = append(helper.incompleteChunks[nodeIdx], incompleteChunkItem{
@@ -277,6 +280,10 @@ func (helper *StateSyncHelper) saveIncompleteChunks() error {
 // sort and check chunkItems are valid
 sort.Sort(&chunkItemSorter{chunkItems})
+ if len(chunkItems) == 0 {
+ return fmt.Errorf("length of chunks is 0")
+ }
+
 expectedNodeParts := chunkItems[len(chunkItems)-1].chunkIdx - chunkItems[0].chunkIdx + 1
 if expectedNodeParts != len(chunkItems) {
 return fmt.Errorf("node parts are not complete, should be %d, but have %d, nodeIdx: %d", expectedNodeParts, len(chunkItems), nodeIdx)
diff --git a/types/store.go b/types/store.go
index 90b70f787..9d853e729 100644
--- a/types/store.go
+++ b/types/store.go
@@ -287,7 +287,7 @@ func (key *KVStoreKey) String() string {
 // range query for all []byte with a certain prefix
 // Deals with last byte of prefix being FF without overflowing
 func PrefixEndBytes(prefix []byte) []byte {
- if prefix == nil {
+ if prefix == nil || len(prefix) == 0 {
 return nil
 }
From 5d37b1386129165b819ebbb0df13541886c5b9ab Mon Sep 17 00:00:00 2001
From: yutianwu
Date: Tue, 14 Mar 2023 08:07:01 +0800
Subject: [PATCH 2/2] fix comments
---
 store/statesync_helper.go | 8 +++++---
 types/store.go | 2 +-
 2 files changed, 6 insertions(+), 4 deletions(-)
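Review bot: The empty-slice guard added to saveIncompleteChunks (store/statesync_helper.go, second hunk of patch 1/2) returns an error that does not name the node index, while the "node parts are not complete" error three lines below reports nodeIdx. These items appear to be built from chunks received during state sync, so the failing index is what an operator needs to tell a malformed chunk from a local bookkeeping bug; consider `return fmt.Errorf("no chunk items to save, nodeIdx: %d", nodeIdx)`. The guard would also read better placed before `sort.Sort(&chunkItemSorter{chunkItems})`, so that nothing is sorted when there is nothing to validate. The function body starts and ends outside the hunk.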
diff --git a/store/statesync_helper.go b/store/statesync_helper.go
index f879a4023..c9ded5f0a 100644
--- a/store/statesync_helper.go
+++ b/store/statesync_helper.go
@@ -181,6 +181,10 @@ func (helper *StateSyncHelper) WriteRecoveryChunk(hash abci.SHA256Sum, chunk *ab
 if chunk != nil {
 numOfNodes := len(chunk.Nodes)
 nodes := make([]*iavl.Node, 0, numOfNodes)
+
+ if numOfNodes == 0 {
+ return fmt.Errorf("length of nodes is 0")
+ }
 helper.logger.Info("start write recovery chunk", "isComplete", isComplete, "hash", fmt.Sprintf("%x", hash), "startIdx", chunk.StartIdx, "numOfNodes", numOfNodes, "chunkCompletion", chunk.Completeness)
@@ -200,9 +204,7 @@ func (helper *StateSyncHelper) WriteRecoveryChunk(hash abci.SHA256Sum, chunk *ab
 return err
 }
 }
- if numOfNodes == 0 {
- return fmt.Errorf("length of nodes is 0")
- }
+
 nodeIdx := chunk.StartIdx + int64(numOfNodes-1)
 helper.incompleteChunks[nodeIdx] = append(helper.incompleteChunks[nodeIdx], incompleteChunkItem{
diff --git a/types/store.go b/types/store.go
index 9d853e729..692b854d3 100644
--- a/types/store.go
+++ b/types/store.go
@@ -287,7 +287,7 @@ func (key *KVStoreKey) String() string {
 // range query for all []byte with a certain prefix
 // Deals with last byte of prefix being FF without overflowing
 func PrefixEndBytes(prefix []byte) []byte {
- if prefix == nil || len(prefix) == 0 {
+ if len(prefix) == 0 {
 return nil
 }
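Review bot: In WriteRecoveryChunk (store/statesync_helper.go, first hunk of patch 2/2) the relocated early return now fires before the "start write recovery chunk" log line, so unless the caller logs the error with its own context, a chunk rejected for having no nodes leaves no record of which chunk it was. Carry the identifying fields in the error itself, e.g. `return fmt.Errorf("recovery chunk has no nodes, hash: %x, startIdx: %d", hash, chunk.StartIdx)`. Separately, `chunk.StartIdx` is still used as received in `nodeIdx := chunk.StartIdx + int64(numOfNodes-1)` (second hunk); if it is not range-checked somewhere outside the visible lines, a sibling guard such as `if chunk.StartIdx < 0 { return fmt.Errorf("invalid startIdx %d", chunk.StartIdx) }` would reject malformed chunks at the same place. The function body extends beyond both hunks.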
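Review bot: The doc comment above PrefixEndBytes (types/store.go, last hunk of patch 2/2) does not say that an empty, non-nil prefix now returns nil in the same way a nil prefix does. The result is used as the end of a range query, so callers need to know what nil means there; I would add a line such as `// Returns nil when prefix is nil or empty.` and, if the iterator treats a nil end as "no upper bound" (not visible in this hunk), state that as well. A small table test covering nil, `[]byte{}` and an all-0xFF prefix would pin the behaviour this series is hardening. The function body continues outside the hunk.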