From 53db27261c9bed850ceee6b2ff5d1a453386dab1 Mon Sep 17 00:00:00 2001
From: Steven Allen <steven@stebalien.com>
Date: Fri, 2 Aug 2024 14:29:53 -0700
Subject: [PATCH] Reject nil pointers & nil KVs

We'd previously reject the pointers in UnmarshalCBOR, but cbor-gen has
moved on and will now decode null. The KVs are manually decoded and
should never be nil, even now, but... I'm adding the check just to be
extra safe.
---
 hamt.go | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/hamt.go b/hamt.go
index 42cd90f..18ad99d 100644
--- a/hamt.go
+++ b/hamt.go
@@ -383,6 +383,11 @@ func loadNode(
 	}
 
 	for _, ch := range out.Pointers {
+		if ch == nil {
+			// Cannot have nil pointers.
+			return nil, ErrMalformedHamt
+		}
+
 		isLink := ch.isShard()
 		isBucket := ch.KVs != nil
 		if isLink == isBucket {
@@ -397,6 +402,12 @@ func loadNode(
 			if len(ch.KVs) == 0 || len(ch.KVs) > bucketSize {
 				return nil, ErrMalformedHamt
 			}
+			for _, kv := range ch.KVs {
+				if kv == nil {
+					// Cannot have nil pointers kvs.
+					return nil, ErrMalformedHamt
+				}
+			}
 			for i := 1; i < len(ch.KVs); i++ {
 				if bytes.Compare(ch.KVs[i-1].Key, ch.KVs[i].Key) >= 0 {
 					return nil, ErrMalformedHamt