cerc-io/solidity
16
0
Fork 0
mirror of https://github.com/ethereum/solidity synced 2023-10-03 13:03:40 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update bug description, add regex and tests.

Browse Source
This commit is contained in:
chriseth 2018-09-06 17:30:51 +02:00
parent b84a1b390b
commit 9f6a12eeb5
3 changed files with 83 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
docs/bugs.json
View File

@ -1,10 +1,11 @@
[
{
"name": "ExpCleanupZero",
"summary": "Using exponentiating with types shorter than 256 bits and zero as base can result in unexpected values.",
"description": "As defined by the EVM, 0 ** 0 is one. Solidity does not always remove dirty higher order bits of types that are smaller than 256 bits before applying an operation because it does not matter if the cleanup is performed before or after the operation. This is true for EXP except for the case where the base is zero, which was overlooked.",
"fixed": "0.5.0",
"severity": "high"
"name": "ExpExponentCleanup",
"summary": "Using the ** operator with an exponent of type shorter than 256 bits can result in unexpected values.",
"description": "Higher order bits in the exponent are not properly cleaned before the EXP opcode is applied if the type of the exponent expression is smaller than 256 bits and not smaller than the type of the base. In that case, the result might be larger than expected if the exponent is assumed to lie within the value range of the type. Literal numbers as exponents are unaffected as are exponents or bases of type uint256.",
"fixed": "0.4.25",
"severity": "medium/high",
"check": {"regex-source": "[^/]\\*\\* *[^/0-9 ]"}
},
{
"name": "EventStructWrongData",

86
docs/bugs_by_version.json
View File

@ -1,7 +1,7 @@
{
"0.1.0": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"ZeroFunctionSelector",
"ECRecoverMalformedInput",
"SkipEmptyStringLiteral",
@ -19,7 +19,7 @@
},
"0.1.1": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"ZeroFunctionSelector",
"ECRecoverMalformedInput",
"SkipEmptyStringLiteral",
@ -37,7 +37,7 @@
},
"0.1.2": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"ZeroFunctionSelector",
"ECRecoverMalformedInput",
"SkipEmptyStringLiteral",
@ -55,7 +55,7 @@
},
"0.1.3": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"ZeroFunctionSelector",
"ECRecoverMalformedInput",
"SkipEmptyStringLiteral",
@ -73,7 +73,7 @@
},
"0.1.4": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"NestedArrayFunctionCallDecoder",
"ZeroFunctionSelector",
"ECRecoverMalformedInput",
@ -92,7 +92,7 @@
},
"0.1.5": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"NestedArrayFunctionCallDecoder",
"ZeroFunctionSelector",
"ECRecoverMalformedInput",
@ -111,7 +111,7 @@
},
"0.1.6": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"NestedArrayFunctionCallDecoder",
"ZeroFunctionSelector",
"ECRecoverMalformedInput",
@ -131,7 +131,7 @@
},
"0.1.7": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"NestedArrayFunctionCallDecoder",
"ZeroFunctionSelector",
"ECRecoverMalformedInput",
@ -151,7 +151,7 @@
},
"0.2.0": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"NestedArrayFunctionCallDecoder",
"ZeroFunctionSelector",
"ECRecoverMalformedInput",
@ -171,7 +171,7 @@
},
"0.2.1": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"NestedArrayFunctionCallDecoder",
"ZeroFunctionSelector",
"ECRecoverMalformedInput",
@ -191,7 +191,7 @@
},
"0.2.2": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"NestedArrayFunctionCallDecoder",
"ZeroFunctionSelector",
"ECRecoverMalformedInput",
@ -211,7 +211,7 @@
},
"0.3.0": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"NestedArrayFunctionCallDecoder",
"ZeroFunctionSelector",
"DelegateCallReturnValue",
@ -231,7 +231,7 @@
},
"0.3.1": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"NestedArrayFunctionCallDecoder",
"ZeroFunctionSelector",
"DelegateCallReturnValue",
@ -250,7 +250,7 @@
},
"0.3.2": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"NestedArrayFunctionCallDecoder",
"ZeroFunctionSelector",
"DelegateCallReturnValue",
@ -269,7 +269,7 @@
},
"0.3.3": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"NestedArrayFunctionCallDecoder",
"ZeroFunctionSelector",
"DelegateCallReturnValue",
@ -287,7 +287,7 @@
},
"0.3.4": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"NestedArrayFunctionCallDecoder",
"ZeroFunctionSelector",
"DelegateCallReturnValue",
@ -305,7 +305,7 @@
},
"0.3.5": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"NestedArrayFunctionCallDecoder",
"ZeroFunctionSelector",
"DelegateCallReturnValue",
@ -323,7 +323,7 @@
},
"0.3.6": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"NestedArrayFunctionCallDecoder",
"ZeroFunctionSelector",
"DelegateCallReturnValue",
@ -339,7 +339,7 @@
},
"0.4.0": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"NestedArrayFunctionCallDecoder",
"ZeroFunctionSelector",
"DelegateCallReturnValue",
@ -355,7 +355,7 @@
},
"0.4.1": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"NestedArrayFunctionCallDecoder",
"ZeroFunctionSelector",
"DelegateCallReturnValue",
@ -371,7 +371,7 @@
},
"0.4.10": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"NestedArrayFunctionCallDecoder",
"ZeroFunctionSelector",
"DelegateCallReturnValue",
@ -383,7 +383,7 @@
},
"0.4.11": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"NestedArrayFunctionCallDecoder",
"ZeroFunctionSelector",
"DelegateCallReturnValue",
@ -394,7 +394,7 @@
},
"0.4.12": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"NestedArrayFunctionCallDecoder",
"ZeroFunctionSelector",
"DelegateCallReturnValue",
@ -404,7 +404,7 @@
},
"0.4.13": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"NestedArrayFunctionCallDecoder",
"ZeroFunctionSelector",
"DelegateCallReturnValue",
@ -414,7 +414,7 @@
},
"0.4.14": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"NestedArrayFunctionCallDecoder",
"ZeroFunctionSelector",
"DelegateCallReturnValue"
@ -423,7 +423,7 @@
},
"0.4.15": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"NestedArrayFunctionCallDecoder",
"ZeroFunctionSelector"
],
@ -431,7 +431,7 @@
},
"0.4.16": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"NestedArrayFunctionCallDecoder",
"ZeroFunctionSelector"
],
@ -439,7 +439,7 @@
},
"0.4.17": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"EventStructWrongData",
"NestedArrayFunctionCallDecoder",
"ZeroFunctionSelector"
@ -448,7 +448,7 @@
},
"0.4.18": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"EventStructWrongData",
"NestedArrayFunctionCallDecoder"
],
@ -456,7 +456,7 @@
},
"0.4.19": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"EventStructWrongData",
"NestedArrayFunctionCallDecoder"
],
@ -464,7 +464,7 @@
},
"0.4.2": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"NestedArrayFunctionCallDecoder",
"ZeroFunctionSelector",
"DelegateCallReturnValue",
@ -479,7 +479,7 @@
},
"0.4.20": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"EventStructWrongData",
"NestedArrayFunctionCallDecoder"
],
@ -487,7 +487,7 @@
},
"0.4.21": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"EventStructWrongData",
"NestedArrayFunctionCallDecoder"
],
@ -495,7 +495,7 @@
},
"0.4.22": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"EventStructWrongData",
"OneOfTwoConstructorsSkipped"
],
@ -503,21 +503,21 @@
},
"0.4.23": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"EventStructWrongData"
],
"released": "2018-04-19"
},
"0.4.24": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"EventStructWrongData"
],
"released": "2018-05-16"
},
"0.4.3": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"NestedArrayFunctionCallDecoder",
"ZeroFunctionSelector",
"DelegateCallReturnValue",
@ -531,7 +531,7 @@
},
"0.4.4": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"NestedArrayFunctionCallDecoder",
"ZeroFunctionSelector",
"DelegateCallReturnValue",
@ -544,7 +544,7 @@
},
"0.4.5": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"NestedArrayFunctionCallDecoder",
"ZeroFunctionSelector",
"DelegateCallReturnValue",
@ -558,7 +558,7 @@
},
"0.4.6": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"NestedArrayFunctionCallDecoder",
"ZeroFunctionSelector",
"DelegateCallReturnValue",
@ -571,7 +571,7 @@
},
"0.4.7": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"NestedArrayFunctionCallDecoder",
"ZeroFunctionSelector",
"DelegateCallReturnValue",
@ -583,7 +583,7 @@
},
"0.4.8": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"NestedArrayFunctionCallDecoder",
"ZeroFunctionSelector",
"DelegateCallReturnValue",
@ -595,7 +595,7 @@
},
"0.4.9": {
"bugs": [
"ExpCleanupZero",
"ExpExponentCleanup",
"NestedArrayFunctionCallDecoder",
"ZeroFunctionSelector",
"DelegateCallReturnValue",

34
test/buglist_test_vectors.md
View File

@ -68,6 +68,40 @@ function f() m(uint[2][2]) { }
function f() returns (uint, uint) { uint[2][2] memory x; }
# ExpExponentCleanup
## buggy
x ** y
--
x ** uint8(y)
--
x**y
## fine
x ** 2
--
x**2
--
x**200
--
/** bla **/
--
/**/
# EventStructWrongData
## buggy