Skip to content

Commit

Permalink
lint and update comment
Browse files Browse the repository at this point in the history
  • Loading branch information
cyberthirst committed Apr 12, 2024
1 parent c8ccd45 commit 9274f29
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 10 deletions.
10 changes: 7 additions & 3 deletions tests/functional/builtins/codegen/test_abi_decode.py
Original file line number Diff line number Diff line change
Expand Up @@ -470,7 +470,8 @@ def test_abi_decode_length_mismatch(get_contract, assert_compile_failed, bad_cod


def test_abi_decode_overflow(w3, tx_failed, get_contract):
# test based on GHSA-9p8r-4xp4-gw5w: https://github.com/vyperlang/vyper/security/advisories/GHSA-9p8r-4xp4-gw5w#advisory-comment-91841
# test based on GHSA-9p8r-4xp4-gw5w:
# https://github.com/vyperlang/vyper/security/advisories/GHSA-9p8r-4xp4-gw5w#advisory-comment-91841
# note: doesn't even reach the assert but reverts internally on the clamp in getelemptr
code = """
@external
Expand All @@ -485,7 +486,10 @@ def f(x: Bytes[32 * 3]):
assert decoded_y1 != decoded_y2
"""
c = get_contract(code)
data = "d45754f800000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000060ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa0"
data = "d45754f8"
data += "20".zfill(64)
data += "60".zfill(64)
data += "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa0"
with tx_failed():
w3.eth.send_transaction({"to": c.address, "data": data})

Expand All @@ -510,4 +514,4 @@ def f(x: Bytes[32 * 5]):
data += "40".zfill(64) # inner array head
data += "3".zfill(64) * 4 # inner array payload - length: 3 | idx0: 3 | idx1: 3 | idx2: 3
with tx_failed():
w3.eth.send_transaction({"to": c.address, "data": data})
w3.eth.send_transaction({"to": c.address, "data": data})
10 changes: 3 additions & 7 deletions vyper/codegen/core.py
Original file line number Diff line number Diff line change
Expand Up @@ -468,15 +468,11 @@ def _getelemptr_abi_helper(parent, member_t, ofst, clamp_=True):
with abi_ofst.cache_when_complex("abi_ofst") as (b1, abi_ofst):
bound = parent_abi_t.size_bound()
end = ["add", abi_ofst, member_abi_t.size_bound()]
# head + member_size must be 'le' upper_bound of the parent buffer
# head + member_size must be 'le' than the upper bound of parent buffer
end_clamped = clamp("le", end, bound)
# head + member_size must be 'gt' lower_bound of the parent buffer (no overflow)
# head + member_size must be 'gt' than the head (ie no overflow due to 'add')
end_clamped = ["assert", ["gt", end_clamped, abi_ofst]]
ofst_ir = [
"seq",
end_clamped,
add_ofst(parent, abi_ofst)
]
ofst_ir = ["seq", end_clamped, add_ofst(parent, abi_ofst)]
ofst_ir = b1.resolve(ofst_ir)

return IRnode.from_list(
Expand Down

0 comments on commit 9274f29

Please sign in to comment.