Missing array index OOB check #877

g-r-a-n-t · 2023-04-21T22:59:23Z

What is wrong?

See the following code:

fe/crates/tests/fixtures/files/arrays.fe

Lines 68 to 102 in 7054185

 // The following tests does not pass due absent runtime check. 

 // Obviously this couild also be a compile-time check. 

 // 

 // contract ArrayIndexOobStatic { 

 // pub unsafe fn __call__() { 

 // let mut my_array: Array<u256, 4> = [0, 1, 2, 3] 

 // evm::sstore(offset: 0, value: my_array[26]) 

 // } 

 // } 

 // #test 

 // unsafe fn test_array_oob_static() { 

 // let mut ctx: Context = Context() 

 // let array_index_oob: ArrayIndexOobStatic = ArrayIndexOobStatic.create(ctx, value: 0) 

 // let expected_revert_data: Array<u8, 36> = [78, 72, 123, 113, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 50] 

 // // verify that the call reverts 

 // assert evm::call( 

 // gas: CALL_GAS, 

 // addr: address(array_index_oob), 

 // value: 0, 

 // input_offset: 0, 

 // input_len: 0, 

 // output_offset: FREE_MEM_PTR, 

 // output_len: 36 

 // ) == 0 

 // // check the revert data 

 // let mut offset: u256 = FREE_MEM_PTR 

 // for expected_byte in expected_revert_data { 

 // assert evm::shr(248, evm::mload(offset)) == expected_byte 

 // offset += 1 

 // } 

 // }

How can it be fixed

Add a compile-time check for array indices.

g-r-a-n-t added type: bug comp: analyzer Everything that involves the analyzer pass labels Apr 22, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Missing array index OOB check #877

Missing array index OOB check #877

g-r-a-n-t commented Apr 21, 2023

Missing array index OOB check #877

Missing array index OOB check #877

Comments

g-r-a-n-t commented Apr 21, 2023

What is wrong?

How can it be fixed