From a425284db253e4ff213c19078f15f8b0676df7af Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pawe=C5=82=20Bylica?=
Date: Tue, 3 Aug 2021 09:23:59 +0200
Subject: [PATCH] baseline: Fix incorrect exit after invalid jump
To handle invalid jump the implementation targets the byte just after the official code length. For padded code this byte may be uninitialized push data causing unpredictable behavior. The fix is to also init this byte to OP_STOP.
---
 lib/evmone/baseline.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/evmone/baseline.cpp b/lib/evmone/baseline.cpp
index 827abfe0b1..4b293cafa0 100644
--- a/lib/evmone/baseline.cpp
+++ b/lib/evmone/baseline.cpp
@@ -35,7 +35,8 @@ CodeAnalysis analyze(const uint8_t* code, size_t code_size)
 // Using "raw" new operator instead of std::make_unique() to get uninitialized array.
 std::unique_ptr padded_code{new uint8_t[i + 1]}; // +1 for the final STOP.
 std::copy_n(code, code_size, padded_code.get());
- padded_code[i] = OP_STOP; // Set final STOP at the code end.
+ padded_code[code_size] = OP_STOP; // Used to terminate invalid jumps, see op_jump().
+ padded_code[i] = OP_STOP; // Set final STOP at the code end - guarantees loop termination.
 // TODO: Using fixed-size padding of 33, the padded code buffer and jumpdest bitmap can be
 // created with single allocation.
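Review bot: The bytes from `padded_code[code_size + 1]` up to `padded_code[i - 1]` still come from the uninitialized `new uint8_t[i + 1]`, so whenever `i` exceeds `code_size` (the loop computing `i` is above the hunk; this is inferred from the buffer being sized by `i + 1` while the copy and the new write are indexed by `code_size`) any path that reads truncated PUSH data from that range still observes unpredictable bytes, the same class of nondeterminism this commit closes for one byte. One fill would cover both STOP markers and the gap: `std::fill_n(padded_code.get() + code_size, i + 1 - code_size, uint8_t{OP_STOP});` in place of the two assignments. That subtraction and the new `padded_code[code_size]` index both assume `i >= code_size`; an `assert(i >= code_size);` before the write pins the assumption, since `i < code_size` would turn the new line into a write past the `i + 1` allocation. The comment on the added line should state the cross-function invariant rather than only point at it, e.g. `// Invariant: op_jump() redirects invalid targets to index code_size and relies on OP_STOP being there.`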