From 6b028701a0dfd239ddfcf9e4d40bfe36414a956f Mon Sep 17 00:00:00 2001 From: chriseth Date: Fri, 21 Oct 2016 12:30:48 +0200 Subject: [PATCH 1/2] Test. --- .../SolidityNameAndTypeResolution.cpp | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/test/libsolidity/SolidityNameAndTypeResolution.cpp b/test/libsolidity/SolidityNameAndTypeResolution.cpp index 44ac1511d..f7ac73aea 100644 --- a/test/libsolidity/SolidityNameAndTypeResolution.cpp +++ b/test/libsolidity/SolidityNameAndTypeResolution.cpp @@ -4175,7 +4175,7 @@ BOOST_AUTO_TEST_CASE(inline_assembly_in_modifier) modifier m { uint a = 1; assembly { - a := 2 + a := 2 } _; } @@ -4193,7 +4193,7 @@ BOOST_AUTO_TEST_CASE(inline_assembly_storage) uint x = 1; function f() { assembly { - x := 2 + x := 2 } } } @@ -4208,7 +4208,7 @@ BOOST_AUTO_TEST_CASE(inline_assembly_storage_in_modifiers) uint x = 1; modifier m { assembly { - x := 2 + x := 2 } _; } @@ -4219,6 +4219,19 @@ BOOST_AUTO_TEST_CASE(inline_assembly_storage_in_modifiers) BOOST_CHECK(expectError(text, false) == Error::Type::DeclarationError); } +BOOST_AUTO_TEST_CASE(invalid_mobile_type) +{ + char const* text = R"( + contract C { + function f() { + // Invalid number + [1, 78901234567890123456789012345678901234567890123456789345678901234567890012345678012345678901234567]; + } + } + )"; + BOOST_CHECK(expectError(text, false) == Error::Type::TypeError); +} + BOOST_AUTO_TEST_SUITE_END() } From f25aa0c68bd8d4c2acf9425c9aba15fc56b16ccc Mon Sep 17 00:00:00 2001 From: chriseth Date: Fri, 21 Oct 2016 12:30:58 +0200 Subject: [PATCH 2/2] More checks for missing mobile type. --- Changelog.md | 3 ++- libsolidity/analysis/TypeChecker.cpp | 18 ++++++++++++++---- libsolidity/ast/Types.cpp | 16 ++++++++++++++-- libsolidity/codegen/CompilerUtils.cpp | 3 +++ libsolidity/codegen/ExpressionCompiler.cpp | 18 +++++++++++++----- 5 files changed, 46 insertions(+), 12 deletions(-) diff --git a/Changelog.md b/Changelog.md index 833c617d2..81d753d9c 100644 --- a/Changelog.md +++ b/Changelog.md @@ -12,7 +12,8 @@ Bugfixes: * Commandline interface: Disallow unknown options in ``solc``. * Name resolver: Allow inheritance of ``enum`` definitions. * Type checker: Proper type checking for bound functions. - * Type checker: fix crash related to invalid fixed point constants + * Type checker: fixed crash related to invalid fixed point constants + * Type checker: fixed crash related to invalid literal numbers. * Code generator: expect zero stack increase after ``super`` as an expression. * Code Generator: fixed an internal compiler error for ``L.Foo`` for ``enum Foo`` defined in library ``L``. * Inline assembly: support the ``address`` opcode. diff --git a/libsolidity/analysis/TypeChecker.cpp b/libsolidity/analysis/TypeChecker.cpp index b5955c8f0..10d24e5a8 100644 --- a/libsolidity/analysis/TypeChecker.cpp +++ b/libsolidity/analysis/TypeChecker.cpp @@ -880,6 +880,10 @@ bool TypeChecker::visit(Conditional const& _conditional) TypePointer trueType = type(_conditional.trueExpression())->mobileType(); TypePointer falseType = type(_conditional.falseExpression())->mobileType(); + if (!trueType) + fatalTypeError(_conditional.trueExpression().location(), "Invalid mobile type."); + if (!falseType) + fatalTypeError(_conditional.falseExpression().location(), "Invalid mobile type."); TypePointer commonType = Type::commonType(trueType, falseType); if (!commonType) @@ -986,10 +990,16 @@ bool TypeChecker::visit(TupleExpression const& _tuple) types.push_back(type(*components[i])); if (_tuple.isInlineArray()) solAssert(!!types[i], "Inline array cannot have empty components"); - if (i == 0 && _tuple.isInlineArray()) - inlineArrayType = types[i]->mobileType(); - else if (_tuple.isInlineArray() && inlineArrayType) - inlineArrayType = Type::commonType(inlineArrayType, types[i]->mobileType()); + if (_tuple.isInlineArray()) + { + if ((i == 0 || inlineArrayType) && !types[i]->mobileType()) + fatalTypeError(components[i]->location(), "Invalid mobile type."); + + if (i == 0) + inlineArrayType = types[i]->mobileType(); + else if (inlineArrayType) + inlineArrayType = Type::commonType(inlineArrayType, types[i]->mobileType()); + } } else types.push_back(TypePointer()); diff --git a/libsolidity/ast/Types.cpp b/libsolidity/ast/Types.cpp index 88bdee9ff..7cfed3c88 100644 --- a/libsolidity/ast/Types.cpp +++ b/libsolidity/ast/Types.cpp @@ -198,7 +198,9 @@ TypePointer Type::forLiteral(Literal const& _literal) TypePointer Type::commonType(TypePointer const& _a, TypePointer const& _b) { - if (_b->isImplicitlyConvertibleTo(*_a)) + if (!_a || !_b) + return TypePointer(); + else if (_b->isImplicitlyConvertibleTo(*_a)) return _a; else if (_a->isImplicitlyConvertibleTo(*_b)) return _b; @@ -1661,7 +1663,17 @@ TypePointer TupleType::mobileType() const { TypePointers mobiles; for (auto const& c: components()) - mobiles.push_back(c ? c->mobileType() : TypePointer()); + { + if (c) + { + auto mt = c->mobileType(); + if (!mt) + return TypePointer(); + mobiles.push_back(mt); + } + else + mobiles.push_back(TypePointer()); + } return make_shared(mobiles); } diff --git a/libsolidity/codegen/CompilerUtils.cpp b/libsolidity/codegen/CompilerUtils.cpp index ec496df8a..e064c1a64 100644 --- a/libsolidity/codegen/CompilerUtils.cpp +++ b/libsolidity/codegen/CompilerUtils.cpp @@ -368,8 +368,11 @@ void CompilerUtils::convertType(Type const& _typeOnStack, Type const& _targetTyp m_context << (u256(1) << (256 - targetBytesType.numBytes() * 8)) << Instruction::MUL; } else if (targetTypeCategory == Type::Category::Enum) + { + solAssert(_typeOnStack.mobileType(), ""); // just clean convertType(_typeOnStack, *_typeOnStack.mobileType(), true); + } else if (targetTypeCategory == Type::Category::FixedPoint) { solAssert( diff --git a/libsolidity/codegen/ExpressionCompiler.cpp b/libsolidity/codegen/ExpressionCompiler.cpp index da3e56cc1..6d54b48be 100644 --- a/libsolidity/codegen/ExpressionCompiler.cpp +++ b/libsolidity/codegen/ExpressionCompiler.cpp @@ -56,8 +56,10 @@ void ExpressionCompiler::appendStateVariableInitialization(VariableDeclaration c if (_varDecl.annotation().type->dataStoredIn(DataLocation::Storage)) { // reference type, only convert value to mobile type and do final conversion in storeValue. - utils().convertType(*type, *type->mobileType()); - type = type->mobileType(); + auto mt = type->mobileType(); + solAssert(mt, ""); + utils().convertType(*type, *mt); + type = mt; } else { @@ -1437,11 +1439,17 @@ void ExpressionCompiler::appendExternalFunctionCall( // Evaluate arguments. TypePointers argumentTypes; TypePointers parameterTypes = _functionType.parameterTypes(); - bool manualFunctionId = + bool manualFunctionId = false; + if ( (funKind == FunctionKind::Bare || funKind == FunctionKind::BareCallCode || funKind == FunctionKind::BareDelegateCall) && - !_arguments.empty() && - _arguments.front()->annotation().type->mobileType()->calldataEncodedSize(false) == + !_arguments.empty() + ) + { + solAssert(_arguments.front()->annotation().type->mobileType(), ""); + manualFunctionId = + _arguments.front()->annotation().type->mobileType()->calldataEncodedSize(false) == CompilerUtils::dataStartOffset; + } if (manualFunctionId) { // If we have a Bare* and the first type has exactly 4 bytes, use it as