Skip to content
This repository was archived by the owner on Apr 3, 2019. It is now read-only.

Commit b974625

Browse files
EmpactEmpact
committed
Don't mutate the elliptic curve prototype with get* additions
Point's prototype is set to the prototype of ec('secp256k1').curve.point(), which means mutation to it is shared across users of 'elliptic' via the in-memory representation of those objects. This is not generally a problem, for example, with `validate` it's a simple set, so the greatest risk is that it will be directly overwritten. But in the case of `getX` and `getY`, both methods are overwritten with others that depend on the prior implementation as stored in `_get*`. If this happens twice, then the implementation of `_getX` is replaced with something that depends on a call to `_getX`, and the callers is stuck in an infinite loop.
1 parent 8658360 commit b974625

2 files changed

Lines changed: 8 additions & 8 deletions

File tree

bitcore-lib.js

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -2084,27 +2084,27 @@ Point.getN = function getN() {
20842084
return new BN(ec.curve.n.toArray());
20852085
};
20862086

2087-
Point.prototype._getX = Point.prototype.getX;
2087+
Point._getX = Point.prototype.getX;
20882088

20892089
/**
20902090
*
20912091
* Will return the X coordinate of the Point
20922092
*
20932093
* @returns {BN} A BN instance of the X coordinate
20942094
*/
2095-
Point.prototype.getX = function getX() {
2095+
Point.getX = function getX() {
20962096
return new BN(this._getX().toArray());
20972097
};
20982098

2099-
Point.prototype._getY = Point.prototype.getY;
2099+
Point._getY = Point.prototype.getY;
21002100

21012101
/**
21022102
*
21032103
* Will return the Y coordinate of the Point
21042104
*
21052105
* @returns {BN} A BN instance of the Y coordinate
21062106
*/
2107-
Point.prototype.getY = function getY() {
2107+
Point.getY = function getY() {
21082108
return new BN(this._getY().toArray());
21092109
};
21102110

lib/crypto/point.js

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -73,27 +73,27 @@ Point.getN = function getN() {
7373
return new BN(ec.curve.n.toArray());
7474
};
7575

76-
Point.prototype._getX = Point.prototype.getX;
76+
Point._getX = Point.prototype.getX;
7777

7878
/**
7979
*
8080
* Will return the X coordinate of the Point
8181
*
8282
* @returns {BN} A BN instance of the X coordinate
8383
*/
84-
Point.prototype.getX = function getX() {
84+
Point.getX = function getX() {
8585
return new BN(this._getX().toArray());
8686
};
8787

88-
Point.prototype._getY = Point.prototype.getY;
88+
Point._getY = Point.prototype.getY;
8989

9090
/**
9191
*
9292
* Will return the Y coordinate of the Point
9393
*
9494
* @returns {BN} A BN instance of the Y coordinate
9595
*/
96-
Point.prototype.getY = function getY() {
96+
Point.getY = function getY() {
9797
return new BN(this._getY().toArray());
9898
};
9999

0 commit comments

Comments
 (0)