Merge pull request #4872 from bakaoh/issue4716

Crash when array index value is too large

Changelog.md

@@ -114,6 +114,7 @@ Bugfixes:
  * Type Checker: Report error when using structs in events without experimental ABIEncoderV2. This used to crash or log the wrong values.
  * Type Checker: Report error when using indexed structs in events with experimental ABIEncoderV2. This used to log wrong values.
  * Type Checker: Dynamic types as key for public mappings return error instead of assertion fail.
+ * Type Checker: Fix internal error when array index value is too large.
  * Type System: Allow arbitrary exponents for literals with a mantissa of zero.
  * Parser: Fix incorrect source location for nameless parameters.
 

libsolidity/analysis/TypeChecker.cpp

@@ -2209,12 +2209,13 @@ bool TypeChecker::visit(IndexAccess const& _access)
 		else
 		{
 			expectType(*index, IntegerType(256));
-			if (auto numberType = dynamic_cast<RationalNumberType const*>(type(*index).get()))
-			{
-				if (!numberType->isFractional()) // error is reported above
+			if (!m_errorReporter.hasErrors())
+				if (auto numberType = dynamic_cast<RationalNumberType const*>(type(*index).get()))
+				{
+					solAssert(!numberType->isFractional(), "");
 					if (!actualType.isDynamicallySized() && actualType.length() <= numberType->literalValue(nullptr))
 						m_errorReporter.typeError(_access.location(), "Out of bounds array access.");
-			}
+				}
 		}
 		resultType = actualType.baseType();
 		isLValue = actualType.location() != DataLocation::CallData;

test/libsolidity/syntaxTests/types/array_index_too_large.sol

@@ -0,0 +1,8 @@
+contract C {
+    function f() public returns (string memory) {
+        // this used to cause an internal error
+        return (["zeppelin"][123456789012345678901234567890123456789012345678901234567890123456789012345678]);
+    }
+}
+// ----
+// TypeError: (140-218): Type int_const 1234...(70 digits omitted)...5678 is not implicitly convertible to expected type uint256.