One of the preconditions listed in simplicity_build_txEnv is that ix < tx->numInputs.
```c
/* Construct a txEnv structure from its components.
 * This function will precompute any cached values.
 *
 * Precondition: NULL != tx
 *               NULL != taproot
 *               NULL != genesisHash
 *               ix < tx->numInputs
 */
txEnv simplicity_build_txEnv(const transaction* tx, const tapEnv* taproot, const sha256_midstate* genesisHash, uint_fast32_t ix);
```
However at the call site, this is not ensured.
```c
txEnv env = simplicity_build_txEnv(tx, taproot, &genesis_hash, ix);
```
The ix value is passed straight into simplicity_build_txEnv.
AFAICT, there are no bad consequences to this at the moment. env->ix is only used in elementsJets.c, and it is checked before ever being used as an array index.
The solution is to either list ix in the preconditions of simplicity_elements_execSimplicity, or check the ix value in that function.
Code referenced above:
simplicity/C/primitive/elements/primitive.h, lines 266 to 274 in de799bd (the simplicity_build_txEnv declaration)
simplicity/C/primitive/elements/exec.c, line 120 in de799bd (the call site)