fix: prevent panic on no-op contract extend for non-existent entries #2600
Open
toller892 wants to merge 1 commit into
When is called against a non-existent contract ID, the transaction succeeds as a no-op (empty changes). The code then tries to fetch the ledger entry and access without checking if the entries list is empty, causing an index-out-of-bounds panic. Also add a guard for the changes array having fewer than 2 elements before matching on and , preventing a potential panic on malformed transaction meta. Fixes stellar#2599
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
This PR hardens contract extend by adding guard checks to avoid indexing into empty RPC responses and to fail fast when expected ledger changes are missing.
Changes:
- Return an error when `get_full_ledger_entries` returns no entries in the no-op path.
- Return an error when `changes` contains fewer than two elements before indexing into `changes[0]`/`changes[1]`.
Comment on lines +296 to +298
| if changes.len() < 2 { | ||
| return Err(Error::LedgerEntryNotFound); | ||
| } |
Comment on lines +288 to 291
| if entry.entries.is_empty() { | ||
| return Err(Error::LedgerEntryNotFound); | ||
| } | ||
| let extension = entry.entries[0].live_until_ledger_seq.unwrap_or_default(); |
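Review bot: On the `entry.entries[0]` line the emptiness check and the index are still two separate steps; `entry.entries.first().ok_or(Error::LedgerEntryNotFound)?` does both in one expression and cannot panic if the guard is later moved or removed. On the same line, `unwrap_or_default()` turns a missing `live_until_ledger_seq` into 0, so please confirm that 0 is an acceptable value to carry forward as the extension rather than an error.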
Description
Fixes a panic (`index out of bounds: the len is 0 but the index is 0`) in `stellar contract extend` when the target entry does not exist.
Problem
When `stellar contract extend` is called against a non-existent contract ID, the transaction succeeds as a no-op — the changes array is empty. The code then calls `client.get_full_ledger_entries(&keys)` which returns an empty `entries` list for a non-existent entry. Accessing `entry.entries[0]` without checking for emptiness causes an `index out of bounds` panic at `extend.rs:288`.
Reproduction:
Fix
Primary fix: Check `entry.entries.is_empty()` before accessing `entries[0]` in the no-op path. Return `Error::LedgerEntryNotFound` if empty — consistent with how the same error is returned elsewhere in this function (lines 268, 277, 282).
Defensive fix: Add a `changes.len() < 2` guard before matching on `changes[0]` and `changes[1]`, preventing a potential panic if the transaction meta is malformed (fewer than 2 change entries).
Both checks use the existing `Error::LedgerEntryNotFound` variant, which is already the error returned for all other "entry not found" cases in this function.
Fixes #2599
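The two guards described above, written so that the length check and the element access are a single step. This is an added Rust illustration, not code from the pull request or the project. The `Error`, `FullLedgerEntry` and `Change` types are simplified stand-ins, and the `State`/`Updated` variant names are assumptions.

```rust
// Simplified stand-ins for illustration only; not the project's definitions.
#[derive(Debug, PartialEq)]
enum Error {
    LedgerEntryNotFound,
}

// Stand-in for one entry in the RPC lookup response.
struct FullLedgerEntry {
    live_until_ledger_seq: Option<u32>,
}

// Stand-in for one ledger entry change in the transaction meta
// (variant names are assumptions).
enum Change {
    State,
    Updated { live_until: u32 },
}

/// No-op path: the transaction produced no changes, so the live-until
/// ledger comes from the RPC lookup. `first()` yields None for an empty
/// slice, where `entries[0]` would panic.
fn live_until_from_lookup(entries: &[FullLedgerEntry]) -> Result<u32, Error> {
    let entry = entries.first().ok_or(Error::LedgerEntryNotFound)?;
    // Mirrors the unwrap_or_default() used in the pull request.
    Ok(entry.live_until_ledger_seq.unwrap_or_default())
}

/// Changes path: a slice pattern checks length and shape together, so
/// zero or one change (or an unexpected pair) lands in the error arm.
fn live_until_from_changes(changes: &[Change]) -> Result<u32, Error> {
    match changes {
        [Change::State, Change::Updated { live_until }, ..] => Ok(*live_until),
        _ => Err(Error::LedgerEntryNotFound),
    }
}

fn main() {
    // Constructed inputs: a lookup for a non-existent entry returns nothing,
    // and a malformed meta carries a single change.
    println!("{:?}", live_until_from_lookup(&[]));
    println!("{:?}", live_until_from_changes(&[Change::State]));
}
```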