From 082d1d78f04b8b93c2891e42410901f2c4fbdb30 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Bylica?= Date: Tue, 3 Aug 2021 09:23:59 +0200 Subject: [PATCH] baseline: Fix incorrect exit after invalid jump To handle invalid jump the implementation targets the byte just after the official code length. For padded code this byte may be uninitialized push data causing unpredictable behavior. The fix is to also init this byte to OP_STOP. --- CHANGELOG.md | 9 +++++++++ lib/evmone/baseline.cpp | 3 ++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c1805acbe3..a1bac4c748 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,14 @@ The format is based on [Keep a Changelog], and this project adheres to [Semantic Versioning]. +## [0.8.1] — unreleased + +### Fixed + +- baseline: Fix incorrect exit after invalid jump. + [#370](https://github.com/ethereum/evmone/pull/370) + + ## [0.8.0] — 2021-07-01 ## Added @@ -265,6 +273,7 @@ It delivers fully-compatible and high-speed EVM implementation. - The [intx 0.2.0](https://github.com/chfast/intx/releases/tag/v0.2.0) library is used for 256-bit precision arithmetic. +[0.8.1]: https://github.com/ethereum/evmone/compare/v0.8.0..release/v0.8.0 [0.8.0]: https://github.com/ethereum/evmone/releases/tag/v0.8.0 [0.7.0]: https://github.com/ethereum/evmone/releases/tag/v0.7.0 [0.6.0]: https://github.com/ethereum/evmone/releases/tag/v0.6.0 diff --git a/lib/evmone/baseline.cpp b/lib/evmone/baseline.cpp index 827abfe0b1..4b293cafa0 100644 --- a/lib/evmone/baseline.cpp +++ b/lib/evmone/baseline.cpp 
@@ -35,7 +35,8 @@ CodeAnalysis analyze(const uint8_t* code, size_t code_size)
 // Using "raw" new operator instead of std::make_unique() to get uninitialized array.
 std::unique_ptr padded_code{new uint8_t[i + 1]}; // +1 for the final STOP.
 std::copy_n(code, code_size, padded_code.get());
- padded_code[i] = OP_STOP; // Set final STOP at the code end.
+ padded_code[code_size] = OP_STOP; // Used to terminate invalid jumps, see op_jump().
+ padded_code[i] = OP_STOP; // Set final STOP at the code end - guarantees loop termination.
 // TODO: Using fixed-size padding of 33, the padded code buffer and jumpdest bitmap can be
 // created with single allocation.
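Review bot: The two added assignments initialize only padded_code[code_size] and padded_code[i], so every byte strictly between them is still indeterminate, and correctness now rests on an unstated invariant that no dispatch index (the invalid-jump target, or pc after a truncated PUSH) ever lands in that gap; nothing in the hunk enforces it, and a later change to op_jump() or the PUSH handler would silently reintroduce the branch on uninitialized memory that this commit fixes. Initializing the whole tail removes that dependency for at most 32 extra byte writes, using the `<algorithm>` header already needed by std::copy_n: `std::fill_n(padded_code.get() + code_size, i + 1 - code_size, OP_STOP);  // Every byte past the real code is STOP: invalid-jump target (see op_jump()) and loop terminator.` in place of the two lines, assuming i >= code_size, which the scan loop above the hunk appears to guarantee. If the two-byte approach is kept, the comment on the first new line should state the invariant explicitly, e.g. `// Only [code_size] and [i] are ever dispatched; bytes in between stay uninitialized.`. analyze() begins before and ends after this hunk.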