From d5677cde4881b25536a8c945119a262a2e5a0355 Mon Sep 17 00:00:00 2001
From: cheme <emericchevalier.pro@gmail.com>
Date: Sat, 5 Nov 2022 23:26:12 +0100
Subject: [PATCH] Guard some invalid node for proof decoding. (#12417)

* Guard some invalid node for proof decoding.

* only forbid bitmap with no children.

* change format

* scale error.

* small test

Co-authored-by: parity-processbot <>
---
 substrate/primitives/trie/src/lib.rs        | 11 +++++++++++
 substrate/primitives/trie/src/node_codec.rs |  9 +++++++--
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/substrate/primitives/trie/src/lib.rs b/substrate/primitives/trie/src/lib.rs
index f40ed4d9b5..5634d96d58 100644
--- a/substrate/primitives/trie/src/lib.rs
+++ b/substrate/primitives/trie/src/lib.rs
@@ -986,4 +986,15 @@ mod tests {
 
 		assert_eq!(first_storage_root, second_storage_root);
 	}
+
+	#[test]
+	fn node_with_no_children_fail_decoding() {
+		let branch = NodeCodec::<Blake2Hasher>::branch_node_nibbled(
+			b"some_partial".iter().copied(),
+			24,
+			vec![None; 16].into_iter(),
+			Some(trie_db::node::Value::Inline(b"value"[..].into())),
+		);
+		assert!(NodeCodec::<Blake2Hasher>::decode(branch.as_slice()).is_err());
+	}
 }
diff --git a/substrate/primitives/trie/src/node_codec.rs b/substrate/primitives/trie/src/node_codec.rs
index 4b3e69adb7..0202b1c6ba 100644
--- a/substrate/primitives/trie/src/node_codec.rs
+++ b/substrate/primitives/trie/src/node_codec.rs
@@ -304,8 +304,13 @@ const BITMAP_LENGTH: usize = 2;
 pub(crate) struct Bitmap(u16);
 
 impl Bitmap {
-	pub fn decode(mut data: &[u8]) -> Result<Self, codec::Error> {
-		Ok(Bitmap(u16::decode(&mut data)?))
+	pub fn decode(data: &[u8]) -> Result<Self, codec::Error> {
+		let value = u16::decode(&mut &data[..])?;
+		if value == 0 {
+			Err("Bitmap without a child.".into())
+		} else {
+			Ok(Bitmap(value))
+		}
 	}
 
 	pub fn value_at(&self, i: usize) -> bool {