Summary
Account data is parsed without validating buffer length, causing crashes or garbage values on truncated/corrupted data.
Affected Files
src/lib/program.ts:480-502 (parseCrapsGame)src/lib/program.ts:505-591 (parseCrapsPosition)
Problem Code
export function parseCrapsGame(data: Buffer): CrapsGame {
let offset = 1;
const epochId = data.readBigUInt64LE(offset); offset += 8;
// ... no length check - will crash if data too short
}Expected Sizes
- CrapsGame: 49 bytes minimum (1 + 8 + 1 + 1 + 6 + 8 + 8 + 8 + 8)
- CrapsPosition: 425 bytes minimum
Impact
- Severity: High
- Truncated account data causes crash
- Corrupted data returns garbage values
- Could display wrong game state, causing users to make bad bets
Proposed Fix
export function parseCrapsGame(data: Buffer): CrapsGame {
const MIN_SIZE = 49;
if (data.length < MIN_SIZE) {
throw new Error(\`Invalid CrapsGame data: expected at least \${MIN_SIZE} bytes, got \${data.length}\`);
}
let offset = 1;
// ... rest of parsing
}
export function parseCrapsPosition(data: Buffer): CrapsPosition {
const MIN_SIZE = 425;
if (data.length < MIN_SIZE) {
throw new Error(\`Invalid CrapsPosition data: expected at least \${MIN_SIZE} bytes, got \${data.length}\`);
}
// ... rest of parsing
}Labels
bug, data-integrity, high-priority, p1
Summary
Account data is parsed without validating buffer length, causing crashes or garbage values on truncated/corrupted data.
Affected Files
src/lib/program.ts:480-502(parseCrapsGame)src/lib/program.ts:505-591(parseCrapsPosition)Problem Code
Expected Sizes
Impact
Proposed Fix
Labels
bug, data-integrity, high-priority, p1