Fix crash if vote state is malformed (anza-xyz#715)

* Fix crash if vote state is malformed * Fix vote program crash if clock rewinds Return an instruction error instead of panicking if the vote program detects the vote program's vote authority history is newer than the current clock. --------- Co-authored-by: Richard Patel <[email protected]>
pgarg66 · Apr 10, 2024 · 4b6d274 · 4b6d274
1 parent e91a5e2
commit 4b6d274
Showing 1 changed file with 12 additions and 2 deletions.
diff --git a/sdk/program/src/vote/state/mod.rs b/sdk/program/src/vote/state/mod.rs
@@ -345,7 +345,7 @@ impl<I> CircBuf<I> {
 
     pub fn last(&self) -> Option<&I> {
         if !self.is_empty {
-            Some(&self.buf[self.idx])
+            self.buf.get(self.idx)
         } else {
             None
         }
@@ -787,7 +787,9 @@ impl VoteState {
             // 2) not be equal to latest epoch otherwise this
             //    function would have returned TooSoonToReauthorize error
             //    above
-            assert!(target_epoch > *latest_epoch);
+            if target_epoch <= *latest_epoch {
+                return Err(InstructionError::InvalidAccountData);
+            }
 
             // Commit the new state
             self.prior_voters.append((
@@ -1620,4 +1622,12 @@ mod tests {
         let bytes = bincode::serialize(&vote).unwrap();
         assert_eq!(vote, bincode::deserialize(&bytes).unwrap());
     }
+
+    #[test]
+    fn test_circbuf_oob() {
+        // Craft an invalid CircBuf with out-of-bounds index
+        let data: &[u8] = &[0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00];
+        let circ_buf: CircBuf<()> = bincode::deserialize(data).unwrap();
+        assert_eq!(circ_buf.last(), None);
+    }
 }