SEC-22 CALLDATACOPY does not write zero to memory if input data offset exceeds input data size #496

Closed
Gustav-Simonsson opened this issue Mar 16, 2015 · 1 comment

@Gustav-Simonsson

According to the YP definition of CALLDATACOPY (0x37), if the input data offset exceeds the length of the input data size (input data passed with message call or tx (Td)), then 0 should be written to memory.

Currently, instead of writing 0, there is a no-op due to the Set function at https://github.com/ethereum/go-ethereum/blob/develop/vm/memory.go#L14 not doing anything if the length of the write is 0.

Fix: remove the offset argument overflow and ensure data is copied up until the end of input data, and then copy zeroes until the end of the supplied offset.

@obscuren obscuren modified the milestone: Frontier Mar 20, 2015
@obscuren
Contributor

All methods that call mem.Set are using either getData or common.BigToBytes, so this can't happen.

I do believe we should add padding in there as well.

@obscuren obscuren self-assigned this Mar 27, 2015
@obscuren obscuren added the fixed label Mar 27, 2015
@obscuren obscuren closed this as completed Apr 1, 2015
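
The behaviour discussed in this issue, as an added example that is not part of the original thread and is not go-ethereum code: a memory store that skips empty writes leaves stale bytes in place when the call data offset is past the end of the input, while right-padding the copied slice with zeroes overwrites them. All function names are hypothetical, the call data and memory contents are constructed, and memory is assumed to be already expanded to hold the write.

```go
package main

import "fmt"

// setMem models a memory store that skips empty writes, the behaviour the
// issue attributes to Set. All names in this block are hypothetical.
func setMem(mem []byte, dst uint64, value []byte) {
	if len(value) == 0 {
		return // nothing written: stale bytes at mem[dst:] survive
	}
	copy(mem[dst:], value)
}

// clamp returns the part of input[off:off+size] that actually exists.
func clamp(input []byte, off, size uint64) []byte {
	n := uint64(len(input))
	if off > n {
		off = n
	}
	end := off + size
	if end > n || end < off { // past the end, or uint64 wrap-around
		end = n
	}
	return input[off:end]
}

// callDataCopy assumes mem was already expanded to hold dst+size bytes.
func callDataCopy(mem, input []byte, dst, off, size uint64, pad bool) {
	data := clamp(input, off, size)
	if pad { // in-range bytes first, zeroes for the remainder
		padded := make([]byte, size)
		copy(padded, data)
		data = padded
	}
	setMem(mem, dst, data)
}

// run copies 4 bytes from constructed call data into memory pre-filled with 0x01.
func run(off uint64, pad bool) []byte {
	input := []byte{0xaa, 0xbb, 0xcc, 0xdd} // constructed sample call data
	mem := []byte{1, 1, 1, 1, 1, 1, 1, 1}
	callDataCopy(mem, input, 0, off, 4, pad)
	return mem
}

func main() {
	fmt.Printf("offset past end, no padding: %x\n", run(32, false))
	fmt.Printf("offset past end, padded:     %x\n", run(32, true))
	fmt.Printf("partial overlap, padded:     %x\n", run(2, true))
}
```

The partial-overlap case (offset 2, size 4) shows the same problem in milder form: without padding only two bytes are written and the two bytes after them keep their previous contents.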
nolash added a commit to nolash/go-ethereum that referenced this issue May 4, 2018
nolash added a commit to nolash/go-ethereum that referenced this issue May 8, 2018
tony-ricciardi pushed a commit to tony-ricciardi/go-ethereum that referenced this issue Jan 20, 2022
* Log on ValidatorElections

* merge master (ethereum#496)

* Check message address against signature (ethereum#477)

* Check signing validator's address matches msg address

* Add comments about use of sig data in tests

* Try fix Circle build test failures

* Try fix Circle build test failures, take 2

* tx price heap fix (ethereum#471)

* contract_comm/currency/currency.go

* fixed the txn price-sorted min-heap

* merge master (ethereum#490)

* Add precompiles to access validator set (ethereum#441)

* set max gas to double of the charged gas for the 'intrinsic' smart contract calls (ethereum#472)

* set max gas to double of the charged gas for the 'intrinsic' evm operations

* addressed PR comments

* addressed pr comment

* Adds Prepared Certificates to ensure Istanbul liveness (ethereum#366)

* Check message address against signature (ethereum#477)

* Check signing validator's address matches msg address

* Add comments about use of sig data in tests

* Try fix Circle build test failures

* Try fix Circle build test failures, take 2

* added new option --use-in-memory-discovery-table (ethereum#479)

* added new option --use-in-memory-discovery-table

* merge master (ethereum#489)

* Adds Prepared Certificates to ensure Istanbul liveness (ethereum#366)

* Check message address against signature (ethereum#477)

* Check signing validator's address matches msg address

* Add comments about use of sig data in tests

* Try fix Circle build test failures

* Try fix Circle build test failures, take 2

* Allow v4/v5 on a bootnode simultaneously, allow mobile to use discv5 (ethereum#454)

* changes for isolating celo networks

* changes to get unit tests working

* changes to add salt in the discovery packets

* removed checking for the ip address when handling a reply

* added ping-ip-from-packet option to bootnode

* for handling expected replies, don't filter on expected sender ip address if --pingIPFromPacket is used

* Add v4 flag

* Add unhandled and quicken docker builds

* Add salt & logs

* Add v4 flag

* Add PeerDiscovery to mobile node config

* Remove logs

* Remove hardcoded bootnodes

* Add salt & turn on discv5

* Delete hardcoded eth bootnodes

* Make Discoveryv5 configurable

* Lint

* Add comment to bootnode v4/v5 handling

* Change PeerDiscovery -> NoDiscovery

* Remove mobile geth no discovery

* Reduce istanbul default timeout, cap exp backoff (ethereum#475)

* Reduce istanbul default timeout, cap exp backoff

* Ensure round 0 timeout factors in block period

* Sanitize logs (ethereum#495)

* Change registry lookup and infrastructure lookup error logs to debug level

* Sanitize logs regarding registry deployment

* Change empty abi logging and comment

* Lower log level from error to warning for potentially outdated istanbul messages

* Change back to an error message

* Add input length checks for precompiled contracts (ethereum#476)

* add input length checks

* check exact input length. add a new error for input length. check input in a few more places

* add tests that verify the input-length checks for contracts that don't require an evm instance

* fix formatting

* add comments to explain input length checks

* run the formatter

* e2e transfer test was failing because it passes in a transaction options object, making the input larger than 96 bytes

* e2e tests have revealed that our precompiled contracts need to be tolerant of inputs that are longer than the bytes that are actually read
maoueh pushed a commit to streamingfast/go-ethereum that referenced this issue Jan 6, 2023
tanishqjasoria pushed a commit to tanishqjasoria/go-ethereum that referenced this issue Oct 31, 2023
…00000… (ethereum#496)

* modexp: disallow len of 0x8000000000000000000000000000000000000000000000000000000000000000

* minor

---------

Co-authored-by: HAOYUatHZ <haoyu@protonmail.com>