From 884e7cbffc3e0acdfa6747aa6397f02dd8dade9a Mon Sep 17 00:00:00 2001
From: Mathias Baumann
Date: Tue, 26 May 2020 19:04:59 +0200
Subject: [PATCH] Fix ICE when trying to decode too large static arrays
---
 Changelog.md | 1 +
 libsolidity/analysis/TypeChecker.cpp | 12 ++++++++++++
 .../array/length/abi_decode_length_too_large.sol | 8 ++++++++
 3 files changed, 21 insertions(+)
 create mode 100644 test/libsolidity/syntaxTests/array/length/abi_decode_length_too_large.sol
diff --git a/Changelog.md b/Changelog.md
index 381d9eaae..6159c62ae 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -14,6 +14,7 @@ Bugfixes:
 * Optimizer: Fixed a bug in BlockDeDuplicator.
 * Type Checker: Disallow assignments to storage variables of type ``mapping``.
 * Type Checker: Fix internal compiler error when accessing members of array slices.
+ * Type Checker: Fix internal compiler error when trying to decode too large static arrays.
 * NatSpec: DocString block is terminated when encountering an empty line.
 * Scanner: Fix bug when two empty NatSpec comments lead to scanning past EOL.
 * Code Generator: Trigger proper unimplemented errors on certain array copy operations.
diff --git a/libsolidity/analysis/TypeChecker.cpp b/libsolidity/analysis/TypeChecker.cpp
index 86961bfda..d9c1dfd62 100644
--- a/libsolidity/analysis/TypeChecker.cpp
+++ b/libsolidity/analysis/TypeChecker.cpp
@@ -193,6 +193,18 @@ TypePointers TypeChecker::typeCheckABIDecodeAndRetrieveReturnType(FunctionCall c
 typeArgument->location(),
 "Decoding type " + actualType->toString(false) + " not supported."
 );
+
+ if (auto referenceType = dynamic_cast(actualType))
+ {
+ auto result = referenceType->validForLocation(referenceType->location());
+ if (!result)
+ m_errorReporter.typeError(
+ 6118_error,
+ typeArgument->location(),
+ result.message()
+ );
+ }
+
+ components.push_back(actualType);
 }
 else
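Review bot: The added `validForLocation` block has no comment saying why it is needed, and as far as the hunk shows it runs regardless of whether the preceding "Decoding type … not supported." report fired, so one type argument may be reported twice while `components.push_back(actualType)` still records the rejected type. A one-line comment above the `if` would cover the first point, for example `// Reject types that are too large for their data location here; they used to trigger an internal compiler error.` For the second, it is worth confirming that `typeError` lets analysis continue and that nothing later in the checker sizes the oversized type before compilation stops; that code is outside the hunk. The body of `typeCheckABIDecodeAndRetrieveReturnType` starts and ends outside the hunk.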
diff --git a/test/libsolidity/syntaxTests/array/length/abi_decode_length_too_large.sol b/test/libsolidity/syntaxTests/array/length/abi_decode_length_too_large.sol
new file mode 100644
index 000000000..f16ebadae
--- /dev/null
+++ b/test/libsolidity/syntaxTests/array/length/abi_decode_length_too_large.sol
@@ -0,0 +1,8 @@
+// Used to cause ICE
+contract C {
+ function f() public {
+ abi.decode("", (byte[999999999]));
+ }
+}
+// ----
+// TypeError: (75-90): Type too large for memory.
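Review bot: This test pins a single shape, a one-dimensional `byte[999999999]` passed as the only type argument of `abi.decode`. A second case with the oversized array as one of several type arguments, and one with it nested inside another array type, would show that the error is reported for each argument and at the expected source range; whether nested types are covered depends on `validForLocation`, which is not shown here. The header comment could name the construct, for example `// abi.decode of an oversized static array used to cause an internal compiler error`.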