univalue: respect token end pointer #35281

pull ferminquant wants to merge 1 commits into bitcoin:master from ferminquant:fix-univalue-token-bounds changing 3 files +51 −9
  1. ferminquant commented at 2:25 PM on May 13, 2026: none

    Fixes #28260.

    Avoid reading past the supplied end pointer when matching JSON keywords and validating number prefixes.

    Also update the UniValue test and parse_univalue fuzz target to exercise bounded input.

  2. DrahtBot added the label RPC/REST/ZMQ on May 13, 2026
  3. DrahtBot commented at 2:25 PM on May 13, 2026: contributor


    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.


    Code Coverage & Benchmarks

    For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/35281.


    Reviews

    See the guideline for information on the review process. A summary of reviews will appear here.


  4. ferminquant force-pushed on May 13, 2026
  5. ferminquant force-pushed on May 13, 2026
  6. in src/test/fuzz/parse_univalue.cpp:22 in e9a2bbe3ef
      17 | @@ -18,7 +18,9 @@ void initialize_parse_univalue()
      18 |  
      19 |  FUZZ_TARGET(parse_univalue, .init = initialize_parse_univalue)
      20 |  {
      21 | -    const std::string random_string(buffer.begin(), buffer.end());
      22 | +    const char* const buffer_data{
      23 | +        buffer.empty() ? "" : reinterpret_cast<const char*>(buffer.data())};
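
    Review bot: the `buffer.empty() ? "" : ...` fallback on the second added line looks unnecessary, and it swaps the empty input for a string literal that carries a terminating NUL, which is the one case where a read past the end would go unnoticed. If the parser receives this pointer together with `buffer.size()`, a zero-length range never needs to be dereferenced, so `buffer.data()` can be passed directly. A short comment explaining why the `std::string` copy was dropped would also help: `std::string` always stores a trailing NUL, so a one-byte overread of the copy stays inside valid memory and the sanitizers do not report it.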
    


    maflcko commented at 3:56 PM on May 13, 2026:

    why the ??


    ferminquant commented at 1:16 AM on May 14, 2026:

    You're right, it's not needed. I fixed it in a new commit.

  7. DrahtBot added the label CI failed on May 13, 2026
  8. DrahtBot commented at 4:06 PM on May 13, 2026: contributor

    🚧 At least one of the CI tasks failed.
    Task iwyu: https://github.com/bitcoin/bitcoin/actions/runs/25806359727/job/75815150297
    LLM reason (✨ experimental): CI failed because the IWYU (include-what-you-use) check flagged missing/wrong includes and intentionally returned non-zero exit status (“Failure generated from IWYU”).

    Hints

    Try to run the tests locally, according to the documentation. However, a CI failure may still happen due to a number of reasons, for example:

    • Possibly due to a silent merge conflict (the changes in this pull request being incompatible with the current code in the target branch). If so, make sure to rebase on the latest commit of the target branch.

    • A sanitizer issue, which can only be found by compiling with the sanitizer and running the affected test.

    • An intermittent issue.

    Leave a comment here, if you need help tracking down a confusing failure.

  9. univalue: respect token end pointer db49f974fe
  10. ferminquant force-pushed on May 14, 2026
  11. DrahtBot removed the label CI failed on May 14, 2026
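
The bounded keyword matching and number-prefix validation named in the pull request description, sketched as an added example (not code from this pull request or from UniValue). `match_keyword`, `valid_number_prefix` and the `check_*` wrappers are hypothetical names, and the sketch assumes the tokenizer is handed a readable range `[p, end)` with `p <= end`.

```cpp
#include <cstddef>
#include <string_view>

// Hypothetical helpers for illustration; not UniValue's own functions.
// Precondition for both: p <= end, and [p, end) is readable.

// Match keyword `kw` at `p` without touching bytes at or beyond `end`.
// The length check runs first, so a buffer without a terminating NUL
// (or with unrelated bytes after `end`) is never over-read.
bool match_keyword(const char* p, const char* end, std::string_view kw)
{
    if (static_cast<std::size_t>(end - p) < kw.size()) return false;
    return std::string_view(p, kw.size()) == kw;
}

inline bool is_digit(char c) { return c >= '0' && c <= '9'; }

// Check the start of a JSON number: optional '-', then a digit, and no
// digit directly after a leading '0'. Each dereference follows a
// comparison against `end`.
bool valid_number_prefix(const char* p, const char* end)
{
    if (p == end) return false;
    if (*p == '-' && ++p == end) return false; // lone "-" at end of input
    if (!is_digit(*p)) return false;
    if (*p == '0' && p + 1 != end && is_digit(p[1])) return false;
    return true;
}

// Convenience wrappers over a string_view range.
bool check_keyword(std::string_view s, std::string_view kw)
{
    return match_keyword(s.data(), s.data() + s.size(), kw);
}
bool check_number(std::string_view s)
{
    return valid_number_prefix(s.data(), s.data() + s.size());
}

// Constructed sample: a 3-byte window into a 4-byte array. An unbounded
// 4-byte compare would read the 'e' past the window and accept "true".
bool truncated_keyword_rejected()
{
    static const char backing[] = {'t', 'r', 'u', 'e'};
    return !match_keyword(backing, backing + 3, "true");
}

int main() { return truncated_keyword_rejected() && !check_number("-") ? 0 : 1; }
```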

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-05-19 06:51 UTC