From ad1e0652f2bd49711be1083aba3eeb62269233ff Mon Sep 17 00:00:00 2001 From: Gianbelinche <39842759+gianbelinche@users.noreply.github.com> Date: Thu, 29 Aug 2024 12:12:26 -0300 Subject: [PATCH] Add mem checks --- .../contracts/EvmInterpreterLoop.template.yul | 6 ++++++ .../contracts/EvmInterpreterPreprocessed.yul | 12 ++++++++++++ 2 files changed, 18 insertions(+) diff --git a/system-contracts/contracts/EvmInterpreterLoop.template.yul b/system-contracts/contracts/EvmInterpreterLoop.template.yul index a6f8f6f6f..b2925c281 100644 --- a/system-contracts/contracts/EvmInterpreterLoop.template.yul +++ b/system-contracts/contracts/EvmInterpreterLoop.template.yul @@ -411,6 +411,7 @@ for { } true { } { size, sp := popStackItemWithoutCheck(sp) checkOverflow(destOffset, size, evmGasLeft) + checkMultipleOverflow(offset, size, MEM_OFFSET_INNER(), evmGasLeft) checkMemOverflowByOffset(add(destOffset,size), evmGasLeft) if gt(add(add(offset, size), MEM_OFFSET_INNER()), MAX_MEMORY_FRAME()) { @@ -453,6 +454,7 @@ for { } true { } { offset := add(add(offset, BYTECODE_OFFSET()), 32) checkOverflow(dst,len, evmGasLeft) + checkOverflow(offset,len, evmGasLeft) checkMemOverflow(add(dst, len), evmGasLeft) // Check bytecode overflow if gt(add(offset, len), sub(MEM_OFFSET(), 1)) { @@ -811,6 +813,8 @@ for { } true { } { offset, sp := popStackItemWithoutCheck(sp) size, sp := popStackItemWithoutCheck(sp) + checkOverflow(offset, size, evmGasLeft) + checkOverflow(destOffset, size, evmGasLeft) checkMemOverflowByOffset(add(offset, size), evmGasLeft) checkMemOverflowByOffset(add(destOffset, size), evmGasLeft) @@ -1403,6 +1407,7 @@ for { } true { } { size, sp := popStackItemWithoutCheck(sp) checkOverflow(offset,size, evmGasLeft) + checkMemOverflowByOffset(add(offset,size), evmGasLeft) evmGasLeft := chargeGas(evmGasLeft,expandMemory(add(offset,size))) returnLen := size @@ -1443,6 +1448,7 @@ for { } true { } { size, sp := popStackItemWithoutCheck(sp) checkOverflow(offset,size, evmGasLeft) + checkMemOverflowByOffset(add(offset, size), evmGasLeft) evmGasLeft := chargeGas(evmGasLeft,expandMemory(add(offset,size))) checkOverflow(offset,MEM_OFFSET_INNER(), evmGasLeft) diff --git a/system-contracts/contracts/EvmInterpreterPreprocessed.yul b/system-contracts/contracts/EvmInterpreterPreprocessed.yul index 0629bd1bd..28794aadc 100644 --- a/system-contracts/contracts/EvmInterpreterPreprocessed.yul +++ b/system-contracts/contracts/EvmInterpreterPreprocessed.yul @@ -1942,6 +1942,7 @@ object "EVMInterpreter" { size, sp := popStackItemWithoutCheck(sp) checkOverflow(destOffset, size, evmGasLeft) + checkMultipleOverflow(offset, size, MEM_OFFSET_INNER(), evmGasLeft) checkMemOverflowByOffset(add(destOffset,size), evmGasLeft) if gt(add(add(offset, size), MEM_OFFSET_INNER()), MAX_MEMORY_FRAME()) { @@ -1984,6 +1985,7 @@ object "EVMInterpreter" { offset := add(add(offset, BYTECODE_OFFSET()), 32) checkOverflow(dst,len, evmGasLeft) + checkOverflow(offset,len, evmGasLeft) checkMemOverflow(add(dst, len), evmGasLeft) // Check bytecode overflow if gt(add(offset, len), sub(MEM_OFFSET(), 1)) { @@ -2342,6 +2344,8 @@ object "EVMInterpreter" { offset, sp := popStackItemWithoutCheck(sp) size, sp := popStackItemWithoutCheck(sp) + checkOverflow(offset, size, evmGasLeft) + checkOverflow(destOffset, size, evmGasLeft) checkMemOverflowByOffset(add(offset, size), evmGasLeft) checkMemOverflowByOffset(add(destOffset, size), evmGasLeft) @@ -2934,6 +2938,7 @@ object "EVMInterpreter" { size, sp := popStackItemWithoutCheck(sp) checkOverflow(offset,size, evmGasLeft) + checkMemOverflowByOffset(add(offset,size), evmGasLeft) evmGasLeft := chargeGas(evmGasLeft,expandMemory(add(offset,size))) returnLen := size @@ -2974,6 +2979,7 @@ object "EVMInterpreter" { size, sp := popStackItemWithoutCheck(sp) checkOverflow(offset,size, evmGasLeft) + checkMemOverflowByOffset(add(offset, size), evmGasLeft) evmGasLeft := chargeGas(evmGasLeft,expandMemory(add(offset,size))) checkOverflow(offset,MEM_OFFSET_INNER(), evmGasLeft) @@ -4899,6 +4905,7 @@ object "EVMInterpreter" { size, sp := popStackItemWithoutCheck(sp) checkOverflow(destOffset, size, evmGasLeft) + checkMultipleOverflow(offset, size, MEM_OFFSET_INNER(), evmGasLeft) checkMemOverflowByOffset(add(destOffset,size), evmGasLeft) if gt(add(add(offset, size), MEM_OFFSET_INNER()), MAX_MEMORY_FRAME()) { @@ -4941,6 +4948,7 @@ object "EVMInterpreter" { offset := add(add(offset, BYTECODE_OFFSET()), 32) checkOverflow(dst,len, evmGasLeft) + checkOverflow(offset,len, evmGasLeft) checkMemOverflow(add(dst, len), evmGasLeft) // Check bytecode overflow if gt(add(offset, len), sub(MEM_OFFSET(), 1)) { @@ -5299,6 +5307,8 @@ object "EVMInterpreter" { offset, sp := popStackItemWithoutCheck(sp) size, sp := popStackItemWithoutCheck(sp) + checkOverflow(offset, size, evmGasLeft) + checkOverflow(destOffset, size, evmGasLeft) checkMemOverflowByOffset(add(offset, size), evmGasLeft) checkMemOverflowByOffset(add(destOffset, size), evmGasLeft) @@ -5891,6 +5901,7 @@ object "EVMInterpreter" { size, sp := popStackItemWithoutCheck(sp) checkOverflow(offset,size, evmGasLeft) + checkMemOverflowByOffset(add(offset,size), evmGasLeft) evmGasLeft := chargeGas(evmGasLeft,expandMemory(add(offset,size))) returnLen := size @@ -5931,6 +5942,7 @@ object "EVMInterpreter" { size, sp := popStackItemWithoutCheck(sp) checkOverflow(offset,size, evmGasLeft) + checkMemOverflowByOffset(add(offset, size), evmGasLeft) evmGasLeft := chargeGas(evmGasLeft,expandMemory(add(offset,size))) checkOverflow(offset,MEM_OFFSET_INNER(), evmGasLeft)