cerc-io/solidity
10
0
Fork 0
mirror of https://github.com/ethereum/solidity synced 2023-10-03 13:03:40 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #12484 from ethereum/fix-interpreter-mem-overflow-bug

Browse Source 
Impose stricter upper bound on memory accesses in order to prevent wrap around
This commit is contained in:
chriseth 2022-01-03 19:16:09 +01:00 committed by GitHub
commit c28f85f1e2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
test/tools/yulInterpreter/EVMInstructionInterpreter.cpp
View File

@ -476,7 +476,9 @@ bool EVMInstructionInterpreter::accessMemory(u256 const& _offset, u256 const& _s
{
u256 newSize = (_offset + _size + 0x1f) & ~u256(0x1f);
m_state.msize = max(m_state.msize, newSize);
return _size <= 0xffff;
// We only record accesses to contiguous memory chunks that are at most 0xffff bytes
// in size and at an offset of at most numeric_limits<size_t>::max() - 0xffff
return _size <= 0xffff && _offset <= u256(numeric_limits<size_t>::max() - 0xffff);
}
else
m_state.msize = u256(-1);