
Commit 3e47e95

authored
fix(vm): CODECOPY, CALLDATACOPY, MCOPY size clamping (#572)
1 parent cc25527 commit 3e47e95


2 files changed

+34
-7
lines changed


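--- a/crates/core/tests/test_decompile.rs
+++ b/crates/core/tests/test_decompile.rs
@@ -39,13 +39,13 @@ mod integration_tests {
 }
 
 #[tokio::test]
-async fn test_decompile_u256_conversion_overflow_1() {
+async fn test_decompile_edge_case_u256_conversion_overflow_1() {
 let rpc_url = std::env::var("RPC_URL").unwrap_or_else(|_| {
 println!("RPC_URL not set, skipping test");
 std::process::exit(0);
 });
 
-let result = decompile(DecompilerArgs {
+let _ = decompile(DecompilerArgs {
 target: String::from("0x914d7Fec6aaC8cd542e72Bca78B30650d45643d7"),
 rpc_url,
 default: true,
@@ -64,13 +64,13 @@ mod integration_tests {
 }
 
 #[tokio::test]
-async fn test_decompile_u256_conversion_overflow_2() {
+async fn test_decompile_edge_case_u256_conversion_overflow_2() {
 let rpc_url = std::env::var("RPC_URL").unwrap_or_else(|_| {
 println!("RPC_URL not set, skipping test");
 std::process::exit(0);
 });
 
-let result = decompile(DecompilerArgs {
+let _ = decompile(DecompilerArgs {
 target: String::from("0x5141b82f5ffda4c6fe1e372978f1c5427640a190"),
 rpc_url,
 default: true,
@@ -88,6 +88,31 @@ mod integration_tests {
 .expect("failed to decompile");
 }
 
+#[tokio::test]
+async fn test_decompile_edge_case_vec_overflow() {
+let rpc_url = std::env::var("RPC_URL").unwrap_or_else(|_| {
+println!("RPC_URL not set, skipping test");
+std::process::exit(0);
+});
+
+let _ = decompile(DecompilerArgs {
+target: String::from("0x8579970692bf77fafeeb017f07dec9a8fdb4893d"),
+rpc_url,
+default: true,
+skip_resolving: true,
+include_solidity: true,
+include_yul: false,
+output: String::from(""),
+name: String::from(""),
+timeout: 10000,
+abi: None,
+openai_api_key: String::from(""),
+llm_postprocess: false,
+})
+.await
+.expect("failed to decompile");
+}
+
 #[tokio::test]
 async fn test_decompile_weth() {
 let rpc_url = std::env::var("RPC_URL").unwrap_or_else(|_| {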
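Review bot: The new regression test `test_decompile_edge_case_vec_overflow` only proves the fix against whatever bytecode is live at one mainnet address through a network RPC, so it is skipped in any environment without `RPC_URL` and silently stops covering the bug if that contract is ever redeployed or self-destructs. The clamping change in `crates/vm/src/core/vm.rs` is purely local to the VM, so a deterministic unit test that executes a hand-built CALLDATACOPY/CODECOPY/MCOPY sequence whose size operand exceeds `usize::MAX` (and one whose size fits `usize` but is far larger than any buffer) would pin the behaviour without a network dependency; I cannot quote it here because the VM construction API is not visible in this commit. Separately, the `std::process::exit(0)` in the skip path, copied from the neighbouring tests, terminates the whole test binary rather than this one test, so any tests scheduled after it in the same process are never run; a plain `return` after the `println!` would skip only this test. The `let result` to `let _` rename in the two earlier hunks is fine since `.expect("failed to decompile")` still fails the test on error.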

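--- a/crates/vm/src/core/vm.rs
+++ b/crates/vm/src/core/vm.rs
@@ -908,7 +908,7 @@ impl VM {
 // Safely convert U256 to usize, clamping to calldata length
 let dest_offset: usize = dest_offset.try_into().unwrap_or(usize::MAX);
 let offset: usize = offset.try_into().unwrap_or(usize::MAX);
-let size: usize = size.try_into().unwrap_or(usize::MAX);
+let size: usize = size.try_into().unwrap_or(self.calldata.len());
 
 // clamp values to calldata length
 let end_offset_clamped = offset.saturating_add(size).min(self.calldata.len());
@@ -952,7 +952,7 @@ impl VM {
 // Safely convert U256 to usize, clamping to bytecode length
 let dest_offset: usize = dest_offset.try_into().unwrap_or(usize::MAX);
 let offset: usize = offset.try_into().unwrap_or(usize::MAX);
-let size: usize = size.try_into().unwrap_or(usize::MAX);
+let size: usize = size.try_into().unwrap_or(self.bytecode.len());
 
 // clamp values to bytecode length
 let value_offset_safe = offset.saturating_add(size).min(self.bytecode.len());
@@ -1270,7 +1270,9 @@ impl VM {
 // Safely convert U256 to usize, clamping to memory length
 let dest_offset: usize = dest_offset.try_into().unwrap_or(u128::MAX as usize);
 let offset: usize = offset.try_into().unwrap_or(u128::MAX as usize);
-let size: usize = size.try_into().unwrap_or(u128::MAX as usize);
+let size: usize = size.try_into().unwrap_or(
+self.memory.size().try_into().expect("failed to convert u128 to usize"),
+);
 let value_offset_safe = offset
 .saturating_add(size)
 .min(self.memory.size().try_into().expect("failed to convert u128 to usize"));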
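Review bot: The new fallback in all three hunks (CALLDATACOPY at 911, CODECOPY at 955, MCOPY at 1273) only engages when the `size` operand does not fit in `usize`; a size that does fit but is still enormous (say 2^40, a constructed example) is converted unchanged, so if the memory write that follows these hunks sizes an allocation from `dest_offset` plus the unclamped `size`, the same allocation failure the commit targets can presumably still be triggered by crafted bytecode, which is untrusted input to a decompiler and therefore a denial-of-service concern for the analysis pipeline; the bodies of these handlers continue outside the hunks, so I cannot confirm from here how `size` is consumed downstream. The source-side clamp `offset.saturating_add(size).min(self.calldata.len())` is correct, but the destination side needs the same bound on `size` regardless of whether `try_into` succeeded, e.g. `let size = size.min(self.calldata.len());` after the conversion (mirrored for `bytecode` and `memory.size()`), or a documented maximum memory size. The leading comment `// Safely convert U256 to usize, clamping to calldata length` is now inaccurate for the offsets, which still fall back to `usize::MAX`; suggest `// size above usize::MAX falls back to the source length; offsets keep usize::MAX and are clamped below`. Note that substituting the source length for an unrepresentable `size` differs from EVM semantics, where the copy would zero-fill past the source and exhaust gas, so the deviation is worth stating in that comment as a deliberate choice.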
