Merge pull request #1636 from evoskuil/master

evoskuil · web-flow · commit 5d7b56072fef · 2025-04-13T16:09:46.000-04:00
Fix leak in chain::operation with invalid construct.
diff --git a/src/chain/operation.cpp b/src/chain/operation.cpp
@@ -221,25 +221,23 @@ void operation::assign_data(reader& source) NOEXCEPT
         source.invalidate();
 
     // An invalid source.read_bytes_raw returns nullptr.
-    INPLACE(&data_, data_chunk, allocator, source.read_bytes_raw(size));
+    const auto ptr = source.read_bytes_raw(size);
     underflow_ = !source;
+    if (!underflow_)
+    {
+        INPLACE(&data_, data_chunk, allocator, ptr);
+        return;
+    }
 
     // This requires that provided stream terminates at the end of the script.
     // When passing ops as part of a stream longer than the script, such as for
     // a transaction, caller should apply source.set_limit(prefix_size), and
     // clear the stream limit upon return. Stream invalidation and set_position
     // do not alter a stream limit, it just behaves as a smaller stream buffer.
     // Without a limit, source.read_bytes() below consumes the remaining stream.
-    if (underflow_)
-    {
-        code_ = any_invalid;
-        source.set_position(start);
-
-        // An invalid source.read_bytes_raw returns nullptr.
-        INPLACE(&data_, data_chunk, allocator, source.read_bytes_raw());
-    }
-
-    // All byte vectors are deserializable, stream indicates own failure.
+    code_ = any_invalid;
+    source.set_position(start);
+    INPLACE(&data_, data_chunk, allocator, source.read_bytes_raw());
 }
 
 // static/private
