Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix buffer overflow in swap_configurables #274

Merged
merged 7 commits into from
Aug 1, 2024
Merged

Fix buffer overflow in swap_configurables #274

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
3a0b573
init fix
SwayStar123 Jul 30, 2024
49812a5
change changelog pr number and fmt
SwayStar123 Jul 30, 2024
dc2fc8f
add type annotation to bytecode.len
SwayStar123 Jul 30, 2024
2063c20
convert len to u64
SwayStar123 Jul 30, 2024
534d758
add comment
SwayStar123 Aug 1, 2024
a5f5696
Merge branch 'master' into swaystar123-fix-buffer-overflow-bytecode-s…
bitzoic Aug 1, 2024
cd02e99
Merge branch 'master' into swaystar123-fix-buffer-overflow-bytecode-s…
SwayStar123 Aug 1, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ Description of the upcoming release here.
- [#268](https://github.com/FuelLabs/sway-libs/pull/268) Fixes subtraction involving negative numbers for `I8`, `I16`, `I32`, `I64`, `I128`, and `I256`.
- [#272](https://github.com/FuelLabs/sway-libs/pull/272) Fixes `From` implementations for Signed Integers with `TryFrom`.
- [#273](https://github.com/FuelLabs/sway-libs/pull/273) Fixes negative from implementations for Signed Integers.
- [#274](https://github.com/FuelLabs/sway-libs/pull/274) Fixes the `swap_configurables()` function to correctly handle the case where the bytecode is too large to fit in the buffer.

#### Breaking

Expand Down
3 changes: 3 additions & 0 deletions libs/src/bytecode/utils.sw
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -145,6 +145,9 @@ pub fn _swap_configurables(
while configurable_iterator < configurables.len() {
let (offset, data) = configurables.get(configurable_iterator).unwrap();

// Make sure the configurable data doesnt overflow the bytecode
assert(offset + data.len() <= bytecode.len::<u8>());

// Overwrite the configurable data into the bytecode
data
.ptr()
Expand Down
25 changes: 25 additions & 0 deletions tests/src/bytecode/tests/functions/swap_configurables.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -135,3 +135,28 @@ mod success {
spend_predicate(predicate_instance, wallet).await;
}
}

mod failure {
use super::*;

#[tokio::test]
#[should_panic]
async fn able_to_buffer_overflow() {
let (test_contract_instance, wallet) = test_contract_instance().await;
let (_contract_offset, _predicate_offset, config_value) = defaults();

// Get the bytecode for the contract
let file_bytecode = simple_contract_bytecode();

// Build the configurable changes
let my_configurables = build_simple_configurables(file_bytecode.len() as u64, config_value);

// Call the contract to swap the configurables
let result_bytecode = swap_configurables(
&test_contract_instance,
file_bytecode.clone(),
my_configurables.clone(),
)
.await;
}
}
Loading