Fix uninit stack exposure in genesis_create

riptl · ripatel-fd · commit 77da6473f5ba · 2025-05-12T07:58:27.000Z
diff --git a/src/app/shared_dev/commands/configure/genesis.c b/src/app/shared_dev/commands/configure/genesis.c
@@ -125,17 +125,20 @@ create_genesis( config_t const * config,
   uchar const * identity_pubkey_ = fd_keyload_load( config->paths.identity_key, 1 );
   if( FD_UNLIKELY( !identity_pubkey_ ) ) FD_LOG_ERR(( "Failed to load identity key" ));
   memcpy( options->identity_pubkey.key, identity_pubkey_, 32 );
+  fd_keyload_unload( identity_pubkey_, 1 );
 
   char file_path[ PATH_MAX ];
   FD_TEST( fd_cstr_printf_check( file_path, PATH_MAX, NULL, "%s/faucet.json", config->paths.base ) );
   uchar const * faucet_pubkey_ = fd_keyload_load( file_path, 1 );
   if( FD_UNLIKELY( !faucet_pubkey_ ) ) FD_LOG_ERR(( "Failed to load faucet key" ));
   memcpy( options->faucet_pubkey.key, faucet_pubkey_, 32 );
+  fd_keyload_unload( faucet_pubkey_, 1 );
 
   FD_TEST( fd_cstr_printf_check( file_path, PATH_MAX, NULL, "%s/stake-account.json", config->paths.base ) );
   uchar const * stake_pubkey_ = fd_keyload_load( file_path, 1 );
   if( FD_UNLIKELY( !stake_pubkey_ ) ) FD_LOG_ERR(( "Failed to load stake account key" ));
   memcpy( options->stake_pubkey.key, stake_pubkey_, 32 );
+  fd_keyload_unload( stake_pubkey_, 1 );
 
   if( !strcmp( config->paths.vote_account, "" ) ) {
     FD_TEST( fd_cstr_printf_check( file_path, PATH_MAX, NULL, "%s/vote-account.json", config->paths.base ) );
@@ -146,7 +149,7 @@ create_genesis( config_t const * config,
   uchar const * vote_pubkey_ = fd_keyload_load( file_path, 1 );
   if( FD_UNLIKELY( !vote_pubkey_ ) ) FD_LOG_ERR(( "Failed to load vote account key" ));
   memcpy( options->vote_pubkey.key, vote_pubkey_, 32 );
-
+  fd_keyload_unload( vote_pubkey_, 1 );
 
   options->creation_time      = (ulong)fd_log_wallclock() / (ulong)1e9;
   options->faucet_balance     = 500000000000000000UL;
@@ -209,11 +212,6 @@ create_genesis( config_t const * config,
 
   fd_scratch_detach( NULL );
 
-  fd_keyload_unload( identity_pubkey_, 1 );
-  fd_keyload_unload( faucet_pubkey_, 1 );
-  fd_keyload_unload( stake_pubkey_, 1 );
-  fd_keyload_unload( vote_pubkey_, 1 );
-
   return blob_sz;
 }
 
diff --git a/src/flamenco/genesis/fd_genesis_create.c b/src/flamenco/genesis/fd_genesis_create.c
@@ -153,7 +153,7 @@ genesis_create( void *                       buf,
 
   ulong const stake_account_index = genesis->accounts_len++;
 
-  uchar stake_data[ FD_STAKE_STATE_V2_SZ ];
+  uchar stake_data[ FD_STAKE_STATE_V2_SZ ] = {0};
 
   ulong stake_state_min_bal = fd_rent_exempt_minimum_balance( &genesis->rent, FD_STAKE_STATE_V2_SZ );
   ulong vote_min_bal        = fd_rent_exempt_minimum_balance( &genesis->rent, FD_VOTE_STATE_V3_SZ  );
diff --git a/src/flamenco/types/fd_bincode.h b/src/flamenco/types/fd_bincode.h
@@ -186,11 +186,13 @@ static inline int
 fd_bincode_bytes_encode( uchar const *             self,
                          ulong                     len,
                          fd_bincode_encode_ctx_t * ctx ) {
-  uchar *ptr = (uchar *) ctx->data;
-  if ( FD_UNLIKELY((void *) (ptr + len) > ctx->dataend ) )
+  fd_msan_check( self, len );
+
+  uchar * ptr = (uchar *)ctx->data;
+  if( FD_UNLIKELY( (void *)( ptr+len ) > ctx->dataend ) )
     return FD_BINCODE_ERR_OVERFLOW;
 
-  fd_memcpy(ptr, self, len);
+  fd_memcpy( ptr, self, len );
   ctx->data = ptr + len;
 
   return FD_BINCODE_SUCCESS;
