mirror of
https://github.com/ethereum/solidity
synced 2023-10-03 13:03:40 +00:00
Bugfix entry regarding nested arrays returned by library functions
parent
e913b753b9
commit
75e38be050
@ -234,6 +234,7 @@ workflows:
|
|||||||
version: 2
|
version: 2
|
||||||
build_all:
|
build_all:
|
||||||
jobs:
|
jobs:
|
||||||
|
- test_buglist: *build_on_tags
|
||||||
- build_emscripten: *build_on_tags
|
- build_emscripten: *build_on_tags
|
||||||
- test_emscripten_solcjs:
|
- test_emscripten_solcjs:
|
||||||
<<: *build_on_tags
|
<<: *build_on_tags
|
||||||
|
@ -17,13 +17,12 @@
|
|||||||
"check": {"ast-compact-json-path": "$..[?(@.nodeType === 'EventDefinition')]..[?(@.nodeType === 'UserDefinedTypeName' && @.typeDescriptions.typeString.startsWith('struct'))]"}
|
"check": {"ast-compact-json-path": "$..[?(@.nodeType === 'EventDefinition')]..[?(@.nodeType === 'UserDefinedTypeName' && @.typeDescriptions.typeString.startsWith('struct'))]"}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "NestedArrayFunctionCallDecoder",
|
"name": "PublicLibFunctionsDoNotReturnNestedArrays",
|
||||||
"summary": "Calling functions that return multi-dimensional fixed-size arrays can result in memory corruption.",
|
"summary": "Calls to public library functions (internal functions are safe) that return nested arrays return only zeroes.",
|
||||||
"description": "If Solidity code calls a function that returns a multi-dimensional fixed-size array, array elements are incorrectly interpreted as memory pointers and thus can cause memory corruption if the return values are accessed. Calling functions with multi-dimensional fixed-size arrays is unaffected as is returning fixed-size arrays from function calls. The regular expression only checks if such functions are present, not if they are called, which is required for the contract to be affected.",
|
"description": "The compiler does not complain about public library functions (internal functions are safe) returning nested arrays, but it also does not return it correctly. Thus, the function caller receives only zeroes.",
|
||||||
"introduced": "0.1.4",
|
"introduced": "0.4.11",
|
||||||
"fixed": "0.4.22",
|
"fixed": "0.4.22",
|
||||||
"severity": "medium",
|
"severity": "low"
|
||||||
"check": {"regex-source": "returns[^;{]*\\[\\s*[^\\] \\t\\r\\n\\v\\f][^\\]]*\\]\\s*\\[\\s*[^\\] \\t\\r\\n\\v\\f][^\\]]*\\][^{;]*[;{]"}
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "OneOfTwoConstructorsSkipped",
|
"name": "OneOfTwoConstructorsSkipped",
|
||||||
@ -33,6 +32,15 @@
|
|||||||
"fixed": "0.4.23",
|
"fixed": "0.4.23",
|
||||||
"severity": "very low"
|
"severity": "very low"
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"name": "NestedArrayFunctionCallDecoder",
|
||||||
|
"summary": "Calling functions that return multi-dimensional fixed-size arrays can result in memory corruption.",
|
||||||
|
"description": "If Solidity code calls a function that returns a multi-dimensional fixed-size array, array elements are incorrectly interpreted as memory pointers and thus can cause memory corruption if the return values are accessed. Calling functions with multi-dimensional fixed-size arrays is unaffected as is returning fixed-size arrays from function calls. The regular expression only checks if such functions are present, not if they are called, which is required for the contract to be affected.",
|
||||||
|
"introduced": "0.1.4",
|
||||||
|
"fixed": "0.4.22",
|
||||||
|
"severity": "medium",
|
||||||
|
"check": {"regex-source": "returns[^;{]*\\[\\s*[^\\] \\t\\r\\n\\v\\f][^\\]]*\\]\\s*\\[\\s*[^\\] \\t\\r\\n\\v\\f][^\\]]*\\][^{;]*[;{]"}
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"name": "ZeroFunctionSelector",
|
"name": "ZeroFunctionSelector",
|
||||||
"summary": "It is possible to craft the name of a function such that it is executed instead of the fallback function in very specific circumstances.",
|
"summary": "It is possible to craft the name of a function such that it is executed instead of the fallback function in very specific circumstances.",
|
||||||
|
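Review bot: The new `PublicLibFunctionsDoNotReturnNestedArrays` entry appears to carry neither a `check` nor a `conditions` field (the new-side row after `"severity": "low"` is empty), so a tool consuming this list cannot narrow the finding and has to treat every contract built with 0.4.11 up to the 0.4.22 fix as possibly affected. Because the failure is silent (the caller just receives zeroes), either add a check that looks for public library functions returning nested arrays, or say so in the description, e.g. append `No automated check is provided; review public library functions that return nested arrays manually.`. The description could also state what 0.4.22 does instead (reject such functions or return the data correctly), and "does not return it correctly" should read "does not return them correctly". Separately, the entries in this file use the key `regex-source`, while the documentation text changed in the same commit calls the check type "source-regex"; a scanner written from the documentation would look up the wrong key and silently skip the check, so the two names should agree.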
@ -57,14 +57,15 @@ conditions
|
|||||||
means that the optimizer has to be switched on to enable the bug.
|
means that the optimizer has to be switched on to enable the bug.
|
||||||
If no conditions are given, assume that the bug is present.
|
If no conditions are given, assume that the bug is present.
|
||||||
check
|
check
|
||||||
This field contains different checks that report whether the smart contract
|
This field contains different checks that can be used to determine
|
||||||
|
whether a smart contract
|
||||||
contains the bug or not. The first type of check are Javascript regular
|
contains the bug or not. The first type of check are Javascript regular
|
||||||
expressions that are to be matched against the source code ("source-regex")
|
expressions that are to be matched against the source code ("source-regex").
|
||||||
if the bug is present. If there is no match, then the bug is very likely
|
If there is no match, then the bug is very likely
|
||||||
not present. If there is a match, the bug might be present. For improved
|
not present. If there is a match, the bug might be present. For improved
|
||||||
accuracy, the checks should be applied to the source code after stripping
|
accuracy, the checks should be applied to the source code after stripping
|
||||||
comments.
|
comments.
|
||||||
The second type of check are patterns to be checked on the compact AST of
|
The second type of check are patterns to be applied to the compact AST of
|
||||||
the Solidity program ("ast-compact-json-path"). The specified search query
|
the Solidity program ("ast-compact-json-path"). The specified search query
|
||||||
is a `JsonPath <https://github.com/json-path/JsonPath>`_ expression.
|
is a `JsonPath <https://github.com/json-path/JsonPath>`_ expression.
|
||||||
If at least one path of the Solidity AST matches the query, the bug is
|
If at least one path of the Solidity AST matches the query, the bug is
|
||||||
|
@ -384,6 +384,7 @@
|
|||||||
"0.4.11": {
|
"0.4.11": {
|
||||||
"bugs": [
|
"bugs": [
|
||||||
"ExpExponentCleanup",
|
"ExpExponentCleanup",
|
||||||
|
"PublicLibFunctionsDoNotReturnNestedArrays",
|
||||||
"NestedArrayFunctionCallDecoder",
|
"NestedArrayFunctionCallDecoder",
|
||||||
"ZeroFunctionSelector",
|
"ZeroFunctionSelector",
|
||||||
"DelegateCallReturnValue",
|
"DelegateCallReturnValue",
|
||||||
@ -395,6 +396,7 @@
|
|||||||
"0.4.12": {
|
"0.4.12": {
|
||||||
"bugs": [
|
"bugs": [
|
||||||
"ExpExponentCleanup",
|
"ExpExponentCleanup",
|
||||||
|
"PublicLibFunctionsDoNotReturnNestedArrays",
|
||||||
"NestedArrayFunctionCallDecoder",
|
"NestedArrayFunctionCallDecoder",
|
||||||
"ZeroFunctionSelector",
|
"ZeroFunctionSelector",
|
||||||
"DelegateCallReturnValue",
|
"DelegateCallReturnValue",
|
||||||
@ -405,6 +407,7 @@
|
|||||||
"0.4.13": {
|
"0.4.13": {
|
||||||
"bugs": [
|
"bugs": [
|
||||||
"ExpExponentCleanup",
|
"ExpExponentCleanup",
|
||||||
|
"PublicLibFunctionsDoNotReturnNestedArrays",
|
||||||
"NestedArrayFunctionCallDecoder",
|
"NestedArrayFunctionCallDecoder",
|
||||||
"ZeroFunctionSelector",
|
"ZeroFunctionSelector",
|
||||||
"DelegateCallReturnValue",
|
"DelegateCallReturnValue",
|
||||||
@ -415,6 +418,7 @@
|
|||||||
"0.4.14": {
|
"0.4.14": {
|
||||||
"bugs": [
|
"bugs": [
|
||||||
"ExpExponentCleanup",
|
"ExpExponentCleanup",
|
||||||
|
"PublicLibFunctionsDoNotReturnNestedArrays",
|
||||||
"NestedArrayFunctionCallDecoder",
|
"NestedArrayFunctionCallDecoder",
|
||||||
"ZeroFunctionSelector",
|
"ZeroFunctionSelector",
|
||||||
"DelegateCallReturnValue"
|
"DelegateCallReturnValue"
|
||||||
@ -424,6 +428,7 @@
|
|||||||
"0.4.15": {
|
"0.4.15": {
|
||||||
"bugs": [
|
"bugs": [
|
||||||
"ExpExponentCleanup",
|
"ExpExponentCleanup",
|
||||||
|
"PublicLibFunctionsDoNotReturnNestedArrays",
|
||||||
"NestedArrayFunctionCallDecoder",
|
"NestedArrayFunctionCallDecoder",
|
||||||
"ZeroFunctionSelector"
|
"ZeroFunctionSelector"
|
||||||
],
|
],
|
||||||
@ -432,6 +437,7 @@
|
|||||||
"0.4.16": {
|
"0.4.16": {
|
||||||
"bugs": [
|
"bugs": [
|
||||||
"ExpExponentCleanup",
|
"ExpExponentCleanup",
|
||||||
|
"PublicLibFunctionsDoNotReturnNestedArrays",
|
||||||
"NestedArrayFunctionCallDecoder",
|
"NestedArrayFunctionCallDecoder",
|
||||||
"ZeroFunctionSelector"
|
"ZeroFunctionSelector"
|
||||||
],
|
],
|
||||||
@ -441,6 +447,7 @@
|
|||||||
"bugs": [
|
"bugs": [
|
||||||
"ExpExponentCleanup",
|
"ExpExponentCleanup",
|
||||||
"EventStructWrongData",
|
"EventStructWrongData",
|
||||||
|
"PublicLibFunctionsDoNotReturnNestedArrays",
|
||||||
"NestedArrayFunctionCallDecoder",
|
"NestedArrayFunctionCallDecoder",
|
||||||
"ZeroFunctionSelector"
|
"ZeroFunctionSelector"
|
||||||
],
|
],
|
||||||
@ -450,6 +457,7 @@
|
|||||||
"bugs": [
|
"bugs": [
|
||||||
"ExpExponentCleanup",
|
"ExpExponentCleanup",
|
||||||
"EventStructWrongData",
|
"EventStructWrongData",
|
||||||
|
"PublicLibFunctionsDoNotReturnNestedArrays",
|
||||||
"NestedArrayFunctionCallDecoder"
|
"NestedArrayFunctionCallDecoder"
|
||||||
],
|
],
|
||||||
"released": "2017-10-18"
|
"released": "2017-10-18"
|
||||||
@ -458,6 +466,7 @@
|
|||||||
"bugs": [
|
"bugs": [
|
||||||
"ExpExponentCleanup",
|
"ExpExponentCleanup",
|
||||||
"EventStructWrongData",
|
"EventStructWrongData",
|
||||||
|
"PublicLibFunctionsDoNotReturnNestedArrays",
|
||||||
"NestedArrayFunctionCallDecoder"
|
"NestedArrayFunctionCallDecoder"
|
||||||
],
|
],
|
||||||
"released": "2017-11-30"
|
"released": "2017-11-30"
|
||||||
@ -481,6 +490,7 @@
|
|||||||
"bugs": [
|
"bugs": [
|
||||||
"ExpExponentCleanup",
|
"ExpExponentCleanup",
|
||||||
"EventStructWrongData",
|
"EventStructWrongData",
|
||||||
|
"PublicLibFunctionsDoNotReturnNestedArrays",
|
||||||
"NestedArrayFunctionCallDecoder"
|
"NestedArrayFunctionCallDecoder"
|
||||||
],
|
],
|
||||||
"released": "2018-02-14"
|
"released": "2018-02-14"
|
||||||
@ -489,6 +499,7 @@
|
|||||||
"bugs": [
|
"bugs": [
|
||||||
"ExpExponentCleanup",
|
"ExpExponentCleanup",
|
||||||
"EventStructWrongData",
|
"EventStructWrongData",
|
||||||
|
"PublicLibFunctionsDoNotReturnNestedArrays",
|
||||||
"NestedArrayFunctionCallDecoder"
|
"NestedArrayFunctionCallDecoder"
|
||||||
],
|
],
|
||||||
"released": "2018-03-07"
|
"released": "2018-03-07"
|
||||||
|