From 681b130dc81fa591be7c4b08200146912b12ffb9 Mon Sep 17 00:00:00 2001 From: chriseth Date: Mon, 31 Oct 2016 16:22:27 +0100 Subject: [PATCH 1/3] Test case for overflow in storage. --- test/libsolidity/SolidityEndToEndTest.cpp | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/test/libsolidity/SolidityEndToEndTest.cpp b/test/libsolidity/SolidityEndToEndTest.cpp index 8ef9a45b9..8600443d7 100644 --- a/test/libsolidity/SolidityEndToEndTest.cpp +++ b/test/libsolidity/SolidityEndToEndTest.cpp @@ -7533,6 +7533,26 @@ BOOST_AUTO_TEST_CASE(inline_assembly_in_modifiers) BOOST_CHECK(callContractFunction("f()") == encodeArgs(true)); } +BOOST_AUTO_TEST_CASE(packed_storage_overflow) +{ + char const* sourceCode = R"( + contract C { + uint16 x = 0x1234; + uint16 a = 0xffff; + uint16 b; + function f() returns (uint, uint, uint, uint) { + a++; + uint c = b; + delete b; + a -= 2; + return (x, c, b, a); + } + } + )"; + compileAndRun(sourceCode, 0, "C"); + BOOST_CHECK(callContractFunction("f()") == encodeArgs(u256(0x1234), u256(0), u256(0), u256(0xfffe))); +} + BOOST_AUTO_TEST_SUITE_END() } From 9920e88eead1b874f7168d7cbc6b63d79c035834 Mon Sep 17 00:00:00 2001 From: chriseth Date: Mon, 31 Oct 2016 16:40:30 +0100 Subject: [PATCH 2/3] Clear all value types prior to storing. --- libsolidity/codegen/LValue.cpp | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/libsolidity/codegen/LValue.cpp b/libsolidity/codegen/LValue.cpp index 553e55189..c1e057923 100644 --- a/libsolidity/codegen/LValue.cpp +++ b/libsolidity/codegen/LValue.cpp @@ -231,10 +231,7 @@ void StorageItem::storeValue(Type const& _sourceType, SourceLocation const& _loc m_context << (u256(0x1) << (256 - 8 * dynamic_cast(*m_dataType).numBytes())) << Instruction::SWAP1 << Instruction::DIV; - else if ( - m_dataType->category() == Type::Category::Integer && - dynamic_cast(*m_dataType).isSigned() - ) + else // remove the higher order bits m_context << (u256(1) << (8 * (32 - m_dataType->storageBytes()))) @@ -242,9 +239,6 @@ void StorageItem::storeValue(Type const& _sourceType, SourceLocation const& _loc << Instruction::DUP2 << Instruction::MUL << Instruction::DIV; - else if (m_dataType->category() == Type::Category::FixedPoint) - // implementation should be very similar to the integer case. - solAssert(false, "Not yet implemented - FixedPointType."); m_context << Instruction::MUL << Instruction::OR; // stack: value storage_ref updated_value m_context << Instruction::SWAP1 << Instruction::SSTORE; From 1427c82c77ecfb1bfba7490ad656dc2ed414873c Mon Sep 17 00:00:00 2001 From: chriseth Date: Mon, 31 Oct 2016 17:10:51 +0100 Subject: [PATCH 3/3] Updated changelog. --- Changelog.md | 1 + 1 file changed, 1 insertion(+) diff --git a/Changelog.md b/Changelog.md index 8fa54c818..a14376e10 100644 --- a/Changelog.md +++ b/Changelog.md @@ -4,6 +4,7 @@ Features: Bugfixes: * Type checker: forbid signed exponential that led to an incorrect use of EXP opcode. + * Code generator: properly clean higher order bytes before storing in storage. ### 0.4.3 (2016-10-25)