cerc-io/solidity
16
0
Fork 0
mirror of https://github.com/ethereum/solidity synced 2023-10-03 13:03:40 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update bug description, add regex and tests.

Browse Source
This commit is contained in:
chriseth 2018-09-06 17:30:51 +02:00
parent be713ed117
commit 3b7be594cf
3 changed files with 196 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
docs/bugs.json
View File

@ -8,11 +8,12 @@
"severity": "very low"
},
{
"name": "ExpCleanupZero",
"summary": "Using exponentiating with types shorter than 256 bits and zero as base can result in unexpected values.",
"description": "As defined by the EVM, 0 ** 0 is one. Solidity does not always remove dirty higher order bits of types that are smaller than 256 bits before applying an operation because it does not matter if the cleanup is performed before or after the operation. This is true for EXP except for the case where the base is zero, which was overlooked.",
"name": "ExpExponentCleanup",
"summary": "Using the ** operator with an exponent of type shorter than 256 bits can result in unexpected values.",
"description": "Higher order bits in the exponent are not properly cleaned before the EXP opcode is applied if the type of the exponent expression is smaller than 256 bits and not smaller than the type of the base. In that case, the result might be larger than expected if the exponent is assumed to lie within the value range of the type. Literal numbers as exponents are unaffected as are exponents or bases of type uint256.",
"fixed": "0.4.25",
"severity": "high"
"severity": "medium/high",
"check": {"regex-source": "[^/]\\*\\* *[^/0-9 ]"}
},
{
"name": "OneOfTwoConstructorsSkipped",

86
docs/bugs_by_version.json
View File

@ -1,7 +1,7 @@
{
"0.1.0": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"ZeroFunctionSelector",
"ECRecoverMalformedInput",
"SkipEmptyStringLiteral",
@ -19,7 +19,7 @@
},
"0.1.1": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"ZeroFunctionSelector",
"ECRecoverMalformedInput",
"SkipEmptyStringLiteral",
@ -37,7 +37,7 @@
},
"0.1.2": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"ZeroFunctionSelector",
"ECRecoverMalformedInput",
"SkipEmptyStringLiteral",
@ -55,7 +55,7 @@
},
"0.1.3": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"ZeroFunctionSelector",
"ECRecoverMalformedInput",
"SkipEmptyStringLiteral",
@ -73,7 +73,7 @@
},
"0.1.4": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"ZeroFunctionSelector",
"ECRecoverMalformedInput",
"SkipEmptyStringLiteral",
@ -91,7 +91,7 @@
},
"0.1.5": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"ZeroFunctionSelector",
"ECRecoverMalformedInput",
"SkipEmptyStringLiteral",
@ -109,7 +109,7 @@
},
"0.1.6": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"ZeroFunctionSelector",
"ECRecoverMalformedInput",
"SkipEmptyStringLiteral",
@ -128,7 +128,7 @@
},
"0.1.7": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"ZeroFunctionSelector",
"ECRecoverMalformedInput",
"SkipEmptyStringLiteral",
@ -147,7 +147,7 @@
},
"0.2.0": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"ZeroFunctionSelector",
"ECRecoverMalformedInput",
"SkipEmptyStringLiteral",
@ -166,7 +166,7 @@
},
"0.2.1": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"ZeroFunctionSelector",
"ECRecoverMalformedInput",
"SkipEmptyStringLiteral",
@ -185,7 +185,7 @@
},
"0.2.2": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"ZeroFunctionSelector",
"ECRecoverMalformedInput",
"SkipEmptyStringLiteral",
@ -204,7 +204,7 @@
},
"0.3.0": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"ZeroFunctionSelector",
"DelegateCallReturnValue",
"ECRecoverMalformedInput",
@ -223,7 +223,7 @@
},
"0.3.1": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"ZeroFunctionSelector",
"DelegateCallReturnValue",
"ECRecoverMalformedInput",
@ -241,7 +241,7 @@
},
"0.3.2": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"ZeroFunctionSelector",
"DelegateCallReturnValue",
"ECRecoverMalformedInput",
@ -259,7 +259,7 @@
},
"0.3.3": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"ZeroFunctionSelector",
"DelegateCallReturnValue",
"ECRecoverMalformedInput",
@ -276,7 +276,7 @@
},
"0.3.4": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"ZeroFunctionSelector",
"DelegateCallReturnValue",
"ECRecoverMalformedInput",
@ -293,7 +293,7 @@
},
"0.3.5": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"ZeroFunctionSelector",
"DelegateCallReturnValue",
"ECRecoverMalformedInput",
@ -310,7 +310,7 @@
},
"0.3.6": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"ZeroFunctionSelector",
"DelegateCallReturnValue",
"ECRecoverMalformedInput",
@ -325,7 +325,7 @@
},
"0.4.0": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"ZeroFunctionSelector",
"DelegateCallReturnValue",
"ECRecoverMalformedInput",
@ -340,7 +340,7 @@
},
"0.4.1": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"ZeroFunctionSelector",
"DelegateCallReturnValue",
"ECRecoverMalformedInput",
@ -355,7 +355,7 @@
},
"0.4.10": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"ZeroFunctionSelector",
"DelegateCallReturnValue",
"ECRecoverMalformedInput",
@ -366,7 +366,7 @@
},
"0.4.11": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"ZeroFunctionSelector",
"DelegateCallReturnValue",
"ECRecoverMalformedInput",
@ -376,7 +376,7 @@
},
"0.4.12": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"ZeroFunctionSelector",
"DelegateCallReturnValue",
"ECRecoverMalformedInput"
@ -385,7 +385,7 @@
},
"0.4.13": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"ZeroFunctionSelector",
"DelegateCallReturnValue",
"ECRecoverMalformedInput"
@ -394,7 +394,7 @@
},
"0.4.14": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"ZeroFunctionSelector",
"DelegateCallReturnValue"
],
@ -402,14 +402,14 @@
},
"0.4.15": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"ZeroFunctionSelector"
],
"released": "2017-08-08"
},
"0.4.16": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"ZeroFunctionSelector"
],
"released": "2017-08-24"
@ -417,7 +417,7 @@
"0.4.17": {
"bugs": [
"EventStructWrongData",
"ExpCleanupZero",
"ExpExponentCleanup",
"ZeroFunctionSelector"
],
"released": "2017-09-21"
@ -425,20 +425,20 @@
"0.4.18": {
"bugs": [
"EventStructWrongData",
"ExpCleanupZero"
"ExpExponentCleanup"
],
"released": "2017-10-18"
},
"0.4.19": {
"bugs": [
"EventStructWrongData",
"ExpCleanupZero"
"ExpExponentCleanup"
],
"released": "2017-11-30"
},
"0.4.2": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"ZeroFunctionSelector",
"DelegateCallReturnValue",
"ECRecoverMalformedInput",
@ -453,21 +453,21 @@
"0.4.20": {
"bugs": [
"EventStructWrongData",
"ExpCleanupZero"
"ExpExponentCleanup"
],
"released": "2018-02-14"
},
"0.4.21": {
"bugs": [
"EventStructWrongData",
"ExpCleanupZero"
"ExpExponentCleanup"
],
"released": "2018-03-07"
},
"0.4.22": {
"bugs": [
"EventStructWrongData",
"ExpCleanupZero",
"ExpExponentCleanup",
"OneOfTwoConstructorsSkipped"
],
"released": "2018-04-16"
@ -475,20 +475,20 @@
"0.4.23": {
"bugs": [
"EventStructWrongData",
"ExpCleanupZero"
"ExpExponentCleanup"
],
"released": "2018-04-19"
},
"0.4.24": {
"bugs": [
"EventStructWrongData",
"ExpCleanupZero"
"ExpExponentCleanup"
],
"released": "2018-05-16"
},
"0.4.3": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"ZeroFunctionSelector",
"DelegateCallReturnValue",
"ECRecoverMalformedInput",
@ -501,7 +501,7 @@
},
"0.4.4": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"ZeroFunctionSelector",
"DelegateCallReturnValue",
"ECRecoverMalformedInput",
@ -513,7 +513,7 @@
},
"0.4.5": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"ZeroFunctionSelector",
"DelegateCallReturnValue",
"ECRecoverMalformedInput",
@ -526,7 +526,7 @@
},
"0.4.6": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"ZeroFunctionSelector",
"DelegateCallReturnValue",
"ECRecoverMalformedInput",
@ -538,7 +538,7 @@
},
"0.4.7": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"ZeroFunctionSelector",
"DelegateCallReturnValue",
"ECRecoverMalformedInput",
@ -549,7 +549,7 @@
},
"0.4.8": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"ZeroFunctionSelector",
"DelegateCallReturnValue",
"ECRecoverMalformedInput",
@ -560,7 +560,7 @@
},
"0.4.9": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"ZeroFunctionSelector",
"DelegateCallReturnValue",
"ECRecoverMalformedInput",

148
test/buglist_test_vectors.md Normal file
View File

@ -0,0 +1,148 @@
# NestedArrayFunctionCallDecoder
## buggy
function f() pure returns (uint[2][2]) { }
--
function f() returns (uint[2][2] a) { }
--
function f() returns (uint x, uint[200][2] a) { }
--
function f() returns (uint[200][2] a, uint x) { }
--
function f() returns (uint[200][2] a, uint x);
--
function f() returns (
uint
[
200
]
[2]
a, uint x);
--
function f() returns (
uint
[
ContractName.ConstantName
]
[2]
a, uint x);
## fine
function f() returns (uint[2]) { }
--
function f() public pure returns (uint[2][] a) { }
--
function f() public pure returns (uint[ 2 ] [ ] a) { }
--
function f() public pure returns (uint x, uint[] a) { }
--
function f(uint[2][2]) { }
--
function f() m(uint[2][2]) { }
--
function f() returns (uint, uint) { uint[2][2] memory x; }
# ExpExponentCleanup
## buggy
x ** y
--
x ** uint8(y)
--
x**y
## fine
x ** 2
--
x**2
--
x**200
--
/** bla **/
--
/**/
# EventStructWrongData
## buggy
pragma experimental ABIEncoderV2;
contract C
{
struct S { uint x; }
event E(S);
event F(S);
enum A { B, C }
event G(A);
function f(S s);
}
--
pragma experimental ABIEncoderV2;
contract C
{
struct S { uint x; }
event E(S indexed);
event F(uint, S, bool);
}
## fine
pragma experimental ABIEncoderV2;
contract C
{
struct S { uint x; }
enum A { B, C }
event G(A);
}
--
pragma experimental ABIEncoderV2;
contract C
{
struct S { uint x; }
function f(S s);
S s1;
}