polygon-edge icon indicating copy to clipboard operation
polygon-edge copied to clipboard
verified publisher icon 0xPolygon

EVM-69 Fix panic issue in opReturnDataCopy

Open Kourin1996 opened this issue 3 years ago • 4 comments

Description

This PR fixes the issue that may cause panic in opReturnDataCopy. dataOffset is expected to be uint64 value but this function doesn't check the negativity before using. This PR adds such a check.

In addition, this PR change the order of checks in checkMemory function because it always passes when the size argument is zero, even thought offset is negative

Changes include

  • [x] Bugfix (non-breaking change that solves an issue)
  • [ ] Hotfix (change that solves an urgent issue, and requires immediate attention)
  • [ ] New feature (non-breaking change that adds functionality)
  • [ ] Breaking change (change that is not backwards-compatible and/or changes current functionality)

Breaking changes

Please complete this section if any breaking changes have been made, otherwise delete it

Checklist

  • [x] I have assigned this PR to myself
  • [x] I have added at least 1 reviewer
  • [x] I have added the relevant labels
  • [ ] I have updated the official documentation
  • [x] I have added sufficient documentation in code

Testing

  • [x] I have tested this code with the official test suite
  • [ ] I have tested this code manually

Manual tests

Please complete this section if you ran manual tests for this functionality, otherwise delete it

Documentation update

Please link the documentation update PR in this section if it's present, otherwise delete it

Additional comments

Please post additional comments in this section if you have them, otherwise delete it

Kourin1996 avatar Oct 06 '22 11:10 Kourin1996

Codecov Report

Merging #778 (87d7d41) into develop (690b4b4) will decrease coverage by 0.01%. The diff coverage is 40.00%.

@@             Coverage Diff             @@
##           develop     #778      +/-   ##
===========================================
- Coverage    52.70%   52.69%   -0.02%     
===========================================
  Files          130      132       +2     
  Lines        17146    17481     +335     
===========================================
+ Hits          9037     9211     +174     
- Misses        7461     7605     +144     
- Partials       648      665      +17
Impacted Files Coverage Δ
state/runtime/evm/state.go 64.82% <33.33%> (+2.51%) :arrow_up:
state/runtime/evm/instructions.go 15.80% <38.88%> (+2.01%) :arrow_up:
jsonrpc/jsonrpc.go 25.53% <100.00%> (+7.29%) :arrow_up:
state/txn.go 19.76% <0.00%> (-0.10%) :arrow_down:
state/executor.go 3.86% <0.00%> (-0.08%) :arrow_down:
helper/predeployment/argparser.go 55.48% <0.00%> (ø)
helper/predeployment/predeployment.go 0.00% <0.00%> (ø)
jsonrpc/dispatcher.go 55.00% <0.00%> (+1.17%) :arrow_up:
... and 3 more

:mega: We’re building smart automated test selection to slash your CI/CD build times. Learn more

codecov[bot] avatar Oct 06 '22 15:10 codecov[bot]

Should this check be implemented in the other instructions that have a dataOffset?

ferranbt avatar Oct 07 '22 12:10 ferranbt

Should this check be implemented in the other instructions that have a dataOffset?

Are you asking whether we need to do such a check in other instructions? Basically checkMemory checks the negativities but this instruction didn't check all of values.

I did quick check and other instructions check the negativities.

Kourin1996 avatar Oct 10 '22 13:10 Kourin1996

@zivkovicmilos Renamed and added comment 87d7d41e9a629b12f714bb5f0f37c21de2108e3b

Kourin1996 avatar Oct 11 '22 11:10 Kourin1996