From 9855f035e00f84d99844e979ac14967e8bb952cc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Grzegorz=20=C5=9Awirski?=
Date: Wed, 16 Apr 2025 10:02:39 +0200
Subject: [PATCH] return a deserialization error if too many empty nodes detected
---
 miden-crypto/src/merkle/sparse_path.rs | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/miden-crypto/src/merkle/sparse_path.rs b/miden-crypto/src/merkle/sparse_path.rs
index 2b25222..b59077e 100644
--- a/miden-crypto/src/merkle/sparse_path.rs
+++ b/miden-crypto/src/merkle/sparse_path.rs
@@ -195,8 +195,21 @@ impl Deserializable for SparseMerklePath {
 source: &mut R,
 ) -> Result {
 let depth = source.read_u8()?;
+ if depth > SMT_MAX_DEPTH {
+ return Err(DeserializationError::InvalidValue(format!(
+ "SparseMerklePath max depth exceeded ({} > {})",
+ depth, SMT_MAX_DEPTH
+ )));
+ }
 let empty_nodes_mask = source.read_u64()?;
- let count = depth as u32 - empty_nodes_mask.count_ones();
+ let empty_nodes_count = empty_nodes_mask.count_ones();
+ if empty_nodes_count > depth as u32 {
+ return Err(DeserializationError::InvalidValue(format!(
+ "SparseMerklePath has more empty nodes ({}) than its full length ({})",
+ empty_nodes_count, depth
+ )));
+ }
+ let count = depth as u32 - empty_nodes_count;
 let nodes = source.read_many::(count as usize)?;
 Ok(Self { empty_nodes_mask, nodes })
 }
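Review bot: The new `empty_nodes_count > depth as u32` guard bounds how many mask bits are set but not where they sit, so a serialized mask with bits at or above position `depth` still passes and is stored unchanged in `Self { empty_nodes_mask, nodes }`. If the mask is meant to use only its low `depth` bits (the bit layout is not visible in this hunk), such a value yields a path whose mask and `nodes` disagree, and later per-depth lookups on untrusted input could index past `nodes` or report the wrong node. Consider also rejecting it right after the popcount check with `if empty_nodes_mask.checked_shr(u32::from(depth)).unwrap_or(0) != 0 { return Err(DeserializationError::InvalidValue(...)); }`; `checked_shr` keeps a shift by the full 64-bit width from overflowing. `u32::from(depth)` could likewise replace the two `depth as u32` casts. The body of `read_from` starts above the hunk, so any validation done elsewhere is not visible here.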