Skip to content

Commit

Permalink
fix: x/auth/types: ensure nil .BaseAccounts are reported in ModuleAcc…
Browse files Browse the repository at this point in the history
…ount.Validate

This change ensures that ModuleAccount.Validate flags nil .BaseAccount
to avoid a nil pointer dereference. This bug was found by fuzzing
cosmos/gaia.

Fixes #16552
  • Loading branch information
odeke-em committed Jun 14, 2023
1 parent eed7286 commit 68b854d
Show file tree
Hide file tree
Showing 3 changed files with 13 additions and 0 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,10 @@ Ref: https://keepachangelog.com/en/1.0.0/
* (x/distribution) [#16483](https://github.com/cosmos/cosmos-sdk/pull/16483) use collections for `DelegatorStartingInfo` state management:
* remove `Keeper`: `IterateDelegatorStartingInfo`, `GetDelegatorStartingInfo`, `SetDelegatorStartingInfo`, `DeleteDelegatorStartingInfo`, `HasDelegatorStartingInfo`

### Bug Fixes

* (x/auth/types) [#16554](https://github.com/cosmos/cosmos-sdk/pull/16554) `ModuleAccount.Validate` now reports a nil `.BaseAccount` instead of panicking.

## [v0.50.0-alpha.0](https://github.com/cosmos/cosmos-sdk/releases/tag/v0.50.0-alpha.0) - 2023-06-07

### Features
Expand Down
4 changes: 4 additions & 0 deletions x/auth/types/account.go
Original file line number Diff line number Diff line change
Expand Up @@ -222,6 +222,10 @@ func (ma ModuleAccount) Validate() error {
return fmt.Errorf("address %s cannot be derived from the module name '%s'", ma.Address, ma.Name)
}

if ma.BaseAccount == nil {
return errors.New("uninitialized ModuleAccount: BaseAccount is nil")
}

return ma.BaseAccount.Validate()
}

Expand Down
5 changes: 5 additions & 0 deletions x/auth/types/account_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -193,3 +193,8 @@ func TestNewModuleAddressOrBech32Address(t *testing.T) {
require.Equal(t, input, types.NewModuleAddressOrBech32Address(input).String())
require.Equal(t, "cosmos1jv65s3grqf6v6jl3dp4t6c9t9rk99cd88lyufl", types.NewModuleAddressOrBech32Address("distribution").String())
}

func TestModuleAccountValidateNilBaseAccount(t *testing.T) {
ma := &types.ModuleAccount{Name: "foo"}
_ = ma.Validate()
}

0 comments on commit 68b854d

Please sign in to comment.