
Returndatacopy throws when offset+size is bigger than the size of returndata buffer #4124

Merged
merged 4 commits into from
Jun 12, 2017
libevm: RETURNDATACOPY throws when offset+size is more than the size …
…of the returndata buffer
pirapira committed Jun 8, 2017
commit b20614a1ea40fe0bfb8fa97a7f94bca7c93db599
3 changes: 3 additions & 0 deletions libevm/VM.cpp
@@ -763,6 +763,9 @@ void VM::interpretCases()
{
if (!m_schedule->haveReturnData)
throwBadInstruction();
bigint const endOfAccess{bigint(m_SP[1]) + bigint(m_SP[2])};
Member


I would avoid explicit constructor here to still pretend bigint works like regular int.

bigint const endOfAccess = bigint(m_SP[1]) + bigint(m_SP[2]);

Member Author


Let me pretend that way.

if (m_returnData.size() < endOfAccess)
throwBufferOverrun(endOfAccess);

m_copyMemSize = toInt63(m_SP[2]);
updateMem(memNeed(m_SP[0], m_SP[2]));
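Review bot: The widening to `bigint` on the `endOfAccess` line is what makes this bounds check sound, and nothing in the code says so. If the stack slots are 256-bit values, as `toInt63(m_SP[2])` suggests, adding them in their native width could wrap and let an offset near the top of the range pass the comparison against `m_returnData.size()`. I would put `// Sum in bigint: a native-width add of offset and size could wrap and slip past the bounds check.` above the declaration so a later optimisation does not narrow it back. The case body starts and continues outside this hunk, so the copy itself is not visible here; a test with an offset close to the maximum word value and a small size would pin the behaviour.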
1 change: 1 addition & 0 deletions libevm/VM.h
@@ -158,6 +158,7 @@ class VM: public VMFace
void throwBadStack(unsigned _removed, unsigned _added);
void throwRevertInstruction(owning_bytes_ref&& _output);
void throwDisallowedStateChange();
void throwBufferOverrun(bigint const& _enfOfAccess);

void reportStackUse();

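Review bot: The parameter in the new `throwBufferOverrun` declaration is spelled `_enfOfAccess`, while the definition in libevm/VMCalls.cpp uses `_endOfAccess`. It compiles because parameter names in a declaration are not matched against the definition, but it misleads anyone reading the header; change it to `void throwBufferOverrun(bigint const& _endOfAccess);`. The class declaration starts and ends outside this hunk.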
7 changes: 7 additions & 0 deletions libevm/VMCalls.cpp
@@ -94,6 +94,13 @@ void VM::throwRevertInstruction(owning_bytes_ref&& _output)
throw RevertInstruction(move(_output));
}

void VM::throwBufferOverrun(bigint const& _endOfAccess)
{
if (m_onFail)
(this->*m_onFail)();
BOOST_THROW_EXCEPTION(BufferOverrun() << RequirementError(_endOfAccess, bigint(m_returnData.size())));
}

int64_t VM::verifyJumpDest(u256 const& _dest, bool _throw)
{
// check for overflow
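Review bot: `throwBufferOverrun` has no comment saying what the two values packed into `RequirementError` are, and the exception name reads like a memory-safety fault even though, at the only call site visible on this page, it is raised to refuse the access. A one-line header such as `/// Rejects a returndata read whose offset + size (_endOfAccess) exceeds m_returnData.size(); nothing has been copied yet.` would keep log triage from mistaking a rejected request for an actual overrun. That wording assumes the copy happens after the check, which the VM.cpp hunk suggests but does not show. `verifyJumpDest` begins in this hunk and continues outside it.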
1 change: 1 addition & 0 deletions libevm/VMFace.h
@@ -33,6 +33,7 @@ ETH_SIMPLE_EXCEPTION_VM(OutOfGas);
ETH_SIMPLE_EXCEPTION_VM(OutOfStack);
ETH_SIMPLE_EXCEPTION_VM(StackUnderflow);
ETH_SIMPLE_EXCEPTION_VM(DisallowedStateChange);
ETH_SIMPLE_EXCEPTION_VM(BufferOverrun);

struct RevertInstruction: VMException
{