mirror of
https://github.com/ethereum/solidity
synced 2023-10-03 13:03:40 +00:00
Some review suggestions.
This commit is contained in:
parent
91ff02b988
commit
187f0f070d
@ -3,7 +3,7 @@
|
||||
"uid": "SOL-2022-5",
|
||||
"name": "DirtyBytesArrayToStorage",
|
||||
"summary": "Copying ``bytes`` arrays from memory or calldata to storage may result in dirty storage values.",
|
||||
"description": "Copying ``bytes`` arrays from memory or calldata to storage is done in chunks of 32 bytes. Thereby, dirty values in calldata or memory can be written to storage, which may then become observable after a ``.push()`` on the bytes array in storage.",
|
||||
"description": "Copying ``bytes`` arrays from memory or calldata to storage is done in chunks of 32 bytes even if the length is not a multiple of 32. Thereby, extra bytes past the end of the array may be copied from calldata or memory to storage. These dirty bytes may then become observable after a ``.push()`` without arguments to the bytes array in storage, i.e. such a push will not result in a zero value at the end of the array as expected. This bug only affects the legacy code generation pipeline, the new code generation pipeline via IR is not affected.",
|
||||
"link": "https://blog.soliditylang.org/2022/06/15/dirty-bytes-array-to-storage-bug/",
|
||||
"introduced": "0.0.1",
|
||||
"fixed": "0.8.15",
|
||||
|
@ -1,28 +1,28 @@
|
||||
contract C {
|
||||
event ev0(uint[] i0, uint);
|
||||
bytes public s2;
|
||||
function h() external returns (bytes memory) {
|
||||
uint[] memory x = new uint[](2);
|
||||
emit ev0(x, 0x21);
|
||||
bytes memory m = new bytes(63);
|
||||
s2 = m;
|
||||
s2.push();
|
||||
return s2;
|
||||
}
|
||||
function g() external returns (bytes memory) {
|
||||
bytes memory m = new bytes(63);
|
||||
assembly {
|
||||
mstore8(add(m, add(32, 63)), 0x42)
|
||||
event ev(uint[], uint);
|
||||
bytes public s;
|
||||
function h() external returns (bytes memory) {
|
||||
uint[] memory x = new uint[](2);
|
||||
emit ev(x, 0x21);
|
||||
bytes memory m = new bytes(63);
|
||||
s = m;
|
||||
s.push();
|
||||
return s;
|
||||
}
|
||||
function g() external returns (bytes memory) {
|
||||
bytes memory m = new bytes(63);
|
||||
assembly {
|
||||
mstore8(add(m, add(32, 63)), 0x42)
|
||||
}
|
||||
s = m;
|
||||
s.push();
|
||||
return s;
|
||||
}
|
||||
function f(bytes calldata c) external returns (bytes memory) {
|
||||
s = c;
|
||||
s.push();
|
||||
return s;
|
||||
}
|
||||
s2 = m;
|
||||
s2.push();
|
||||
return s2;
|
||||
}
|
||||
function f(bytes calldata c) external returns (bytes memory) {
|
||||
s2 = c;
|
||||
s2.push();
|
||||
return s2;
|
||||
}
|
||||
}
|
||||
// ====
|
||||
// compileViaYul: also
|
||||
@ -32,6 +32,6 @@ contract C {
|
||||
// gas legacy: 731840
|
||||
// gas legacyOptimized: 494859
|
||||
// h() -> 0x20, 0x40, 0x00, 0
|
||||
// ~ emit ev0(uint256[],uint256): 0x40, 0x21, 0x02, 0x00, 0x00
|
||||
// ~ emit ev(uint256[],uint256): 0x40, 0x21, 0x02, 0x00, 0x00
|
||||
// g() -> 0x20, 0x40, 0, 0x00
|
||||
// f(bytes): 0x20, 33, 0, -1 -> 0x20, 0x22, 0, 0xff00000000000000000000000000000000000000000000000000000000000000
|
||||
|
Loading…
Reference in New Issue
Block a user