Skip to content

Commit

Permalink
Transpile 26b4b60
Browse files Browse the repository at this point in the history
  • Loading branch information
@github-actions
github-actions[bot] committed Feb 29, 2024
1 parent f542046 commit 1ff54db
Show file tree
Hide file tree
Showing 6 changed files with 51 additions and 4 deletions.
5 changes: 5 additions & 0 deletions .changeset/warm-geese-dance.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
---
'openzeppelin-solidity': patch
---

`Base64`: Fix issue where dirty memory located just after the input buffer is affecting the result.
25 changes: 25 additions & 0 deletions contracts/mocks/Base64DirtyUpgradeable.sol
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
// SPDX-License-Identifier: MIT

pragma solidity ^0.8.20;

import {Base64} from "@openzeppelin/contracts/utils/Base64.sol";
import {Initializable} from "../proxy/utils/Initializable.sol";

contract Base64DirtyUpgradeable is Initializable {
struct A {
uint256 value;
}

function __Base64Dirty_init() internal onlyInitializing {
}

function __Base64Dirty_init_unchained() internal onlyInitializing {
}
function encode(bytes memory input) public pure returns (string memory) {
A memory unused = A({value: type(uint256).max});
// To silence warning
unused;

return Base64.encode(input);
}
}
7 changes: 7 additions & 0 deletions contracts/mocks/WithInit.sol
View file
Original file line number Diff line number Diff line change
Expand Up @@ -142,6 +142,13 @@ contract AuthoritiyObserveIsConsumingUpgradeableWithInit is AuthoritiyObserveIsC
__AuthoritiyObserveIsConsuming_init();
}
}
import "./Base64DirtyUpgradeable.sol";

contract Base64DirtyUpgradeableWithInit is Base64DirtyUpgradeable {
constructor() payable initializer {
__Base64Dirty_init();
}
}
import "./CallReceiverMockUpgradeable.sol";

contract CallReceiverMockUpgradeableWithInit is CallReceiverMockUpgradeable {
Expand Down
2 changes: 1 addition & 1 deletion lib/openzeppelin-contracts
Submodule openzeppelin-contracts updated 5 files
+5 −0 .changeset/warm-geese-dance.md
+19 −0 contracts/mocks/Base64Dirty.sol
+18 −9 contracts/utils/Base64.sol
+2 −2 package-lock.json
+11 −1 test/utils/Base64.test.js
4 changes: 2 additions & 2 deletions package-lock.json
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

12 changes: 11 additions & 1 deletion test/utils/Base64.test.js
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,9 @@
const { expect } = require('chai');

const Base64 = artifacts.require('$Base64');
const Base64Dirty = artifacts.require('$Base64Dirty');

contract('Strings', function () {
contract('Base64', function () {
beforeEach(async function () {
this.base64 = await Base64.new();
});
Expand Down Expand Up @@ -30,4 +31,13 @@ contract('Strings', function () {
expect(await this.base64.$encode([])).to.equal('');
});
});

it('Encode reads beyond the input buffer into dirty memory', async function () {
const mock = await Base64Dirty.new();
const buffer32 = Buffer.from(web3.utils.soliditySha3('example').replace(/0x/, ''), 'hex');
const buffer31 = buffer32.slice(0, -2);

expect(await mock.encode(buffer31)).to.equal(buffer31.toString('base64'));
expect(await mock.encode(buffer32)).to.equal(buffer32.toString('base64'));
});
});

0 comments on commit 1ff54db

Please sign in to comment.