fix: add missing nil checks (Finschia#1299)

* fix: types: ensure .Amount is non-nil in Coin.Validate() (#15691) This change fixes a scenario in which Coin.Validate() would panic when given a nil Amount. While here, added a fuzz test along with unit/regression tests. Fixes #15690 * fix: change math.NewInt to sdk.NewInt Signed-off-by: 170210 <j170210@icloud.com> * fix: change to finschia-sdk Signed-off-by: 170210 <j170210@icloud.com> * fix: prevent nil DecCoin creation when converting Coins to DecCoins (#12903) Closes: #12902 --- *All items are required. Please add a note to the item if the item is not applicable and please add links to any relevant follow up issues.* I have... - [ ] included the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title - [ ] added `!` to the type prefix if API or client breaking change - [ ] targeted the correct branch (see [PR Targeting](https://github.com/cosmos/cosmos-sdk/blob/main/CONTRIBUTING.md#pr-targeting)) - [ ] provided a link to the relevant issue or specification - [ ] followed the guidelines for [building modules](https://github.com/cosmos/cosmos-sdk/blob/main/docs/building-modules) - [ ] included the necessary unit and integration [tests](https://github.com/cosmos/cosmos-sdk/blob/main/CONTRIBUTING.md#testing) - [ ] added a changelog entry to `CHANGELOG.md` - [ ] included comments for [documenting Go code](https://blog.golang.org/godoc) - [ ] updated the relevant documentation or specification - [ ] reviewed "Files changed" and left comments if necessary - [ ] confirmed all CI checks have passed *All items are required. Please add a note if the item is not applicable and please add your handle next to the items reviewed if you only reviewed selected items.* I have... - [ ] confirmed the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title - [ ] confirmed `!` in the type prefix if API or client breaking change - [ ] confirmed all author checklist items have been addressed - [ ] reviewed state machine logic - [ ] reviewed API design and naming - [ ] reviewed documentation is accurate - [ ] reviewed tests and test coverage - [ ] manually tested (if applicable) * chore: update CHANGELOG.md Signed-off-by: 170210 <j170210@icloud.com> * fix: fix lint Signed-off-by: 170210 <j170210@icloud.com> --------- Signed-off-by: 170210 <j170210@icloud.com> Co-authored-by: Emmanuel T Odeke <emmanuel@orijtech.com> Co-authored-by: yys <sw.yunsuk@gmail.com>
0Tech · Mar 26, 2024 · a7a39e5 · a7a39e5
1 parent b1c09cf
commit a7a39e5
Show file tree

Hide file tree

Showing 6 changed files with 93 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -62,6 +62,7 @@ Ref: https://keepachangelog.com/en/1.0.0/
 * (x/collection) [\#1294](https://github.com/Finschia/finschia-sdk/pull/1294) reject NFT coins on FT APIs
 * (sec) [\#1302](https://github.com/Finschia/finschia-sdk/pull/1302) remove map iteration non-determinism with keys + sorting
 * (client) [\#1303](https://github.com/Finschia/finschia-sdk/pull/1303) fix possible overflow in BuildUnsignedTx 
+* (types) [\#1299](https://github.com/Finschia/finschia-sdk/pull/1299) add missing nil checks
 
 ### Removed
 

diff --git a/types/coin.go b/types/coin.go
@@ -2,6 +2,7 @@ package types
 
 import (
 	"encoding/json"
+	"errors"
 	"fmt"
 	"regexp"
 	"sort"
@@ -44,6 +45,10 @@ func (coin Coin) Validate() error {
 		return err
 	}
 
+	if coin.Amount.IsNil() {
+		return errors.New("amount is nil")
+	}
+
 	if coin.Amount.IsNegative() {
 		return fmt.Errorf("negative coin amount: %v", coin.Amount)
 	}

diff --git a/types/coin_test.go b/types/coin_test.go
@@ -1034,6 +1034,39 @@ func (s *coinTestSuite) TestMarshalJSONCoins() {
 	}
 }
 
+func (s *coinTestSuite) TestCoinValidate() {
+	testCases := []struct {
+		name    string
+		coin    sdk.Coin
+		wantErr string
+	}{
+		{"nil coin: nil Amount", sdk.Coin{}, "invalid denom"},
+		{"non-blank coin, nil Amount", sdk.Coin{Denom: "atom"}, "amount is nil"},
+		{"valid coin", sdk.Coin{Denom: "atom", Amount: sdk.NewInt(100)}, ""},
+		{"negative coin", sdk.Coin{Denom: "atom", Amount: sdk.NewInt(-999)}, "negative coin amount"},
+	}
+
+	for _, tc := range testCases {
+		tc := tc
+		t := s.T()
+		t.Run(tc.name, func(t *testing.T) {
+			err := tc.coin.Validate()
+			if tc.wantErr == "" {
+				if err != nil {
+					t.Errorf("Unexpected error: %v", err)
+				}
+				return
+			} else {
+				if err == nil {
+					t.Error("Expected an error")
+				} else if !strings.Contains(err.Error(), tc.wantErr) {
+					t.Errorf("Error mismatch\n\tGot:  %q\nWant: %q", err, tc.wantErr)
+				}
+			}
+		})
+	}
+}
+
 func (s *coinTestSuite) TestCoinAminoEncoding() {
 	cdc := codec.NewLegacyAmino()
 	c := sdk.NewInt64Coin(testDenom1, 5)

diff --git a/types/dec_coin.go b/types/dec_coin.go
@@ -182,10 +182,14 @@ func sanitizeDecCoins(decCoins []DecCoin) DecCoins {
 // NewDecCoinsFromCoins constructs a new coin set with decimal values
 // from regular Coins.
 func NewDecCoinsFromCoins(coins ...Coin) DecCoins {
-	decCoins := make(DecCoins, len(coins))
+	if len(coins) == 0 {
+		return DecCoins{}
+	}
+
+	decCoins := make([]DecCoin, 0, len(coins))
 	newCoins := NewCoins(coins...)
-	for i, coin := range newCoins {
-		decCoins[i] = NewDecCoinFromCoin(coin)
+	for _, coin := range newCoins {
+		decCoins = append(decCoins, NewDecCoinFromCoin(coin))
 	}
 
 	return decCoins

diff --git a/types/dec_coin_test.go b/types/dec_coin_test.go
@@ -546,6 +546,29 @@ func (s *decCoinTestSuite) TestNewDecCoinsWithIsValid() {
 	}
 }
 
+func (s *decCoinTestSuite) TestNewDecCoinsWithZeroCoins() {
+	zeroCoins := append(sdk.NewCoins(sdk.NewCoin("mytoken", sdk.NewInt(0))), sdk.Coin{Denom: "wbtc", Amount: sdk.NewInt(10)})
+
+	tests := []struct {
+		coins        sdk.Coins
+		expectLength int
+	}{
+		{
+			sdk.NewCoins(sdk.NewCoin("mytoken", sdk.NewInt(10)), sdk.NewCoin("wbtc", sdk.NewInt(10))),
+			2,
+		},
+		{
+			zeroCoins,
+			1,
+		},
+	}
+
+	for _, tc := range tests {
+		tc := tc
+		s.Require().Equal(sdk.NewDecCoinsFromCoins(tc.coins...).Len(), tc.expectLength)
+	}
+}
+
 func (s *decCoinTestSuite) TestDecCoins_AddDecCoinWithIsValid() {
 	lengthTestDecCoins := sdk.NewDecCoins().Add(sdk.NewDecCoin("mytoken", sdk.NewInt(10))).Add(sdk.DecCoin{Denom: "BTC", Amount: sdk.NewDec(10)})
 	s.Require().Equal(2, len(lengthTestDecCoins), "should be 2")

diff --git a/types/fuzz_test.go b/types/fuzz_test.go
@@ -0,0 +1,24 @@
+package types
+
+import (
+	"testing"
+
+	"github.com/Finschia/finschia-sdk/codec"
+)
+
+func FuzzCoinUnmarshalJSON(f *testing.F) {
+	if testing.Short() {
+		f.Skip()
+	}
+
+	cdc := codec.NewLegacyAmino()
+	f.Add(`{"denom":"atom","amount":"1000"}`)
+	f.Add(`{"denom":"atom","amount":"-1000"}`)
+	f.Add(`{"denom":"uatom","amount":"1000111111111111111111111"}`)
+	f.Add(`{"denom":"mu","amount":"0"}`)
+
+	f.Fuzz(func(t *testing.T, jsonBlob string) {
+		var c Coin
+		_ = cdc.UnmarshalJSON([]byte(jsonBlob), &c)
+	})
+}