EOF: Assert against overflow in header.data_offset (#891)

While working on #878 I noticed the offset calculation in validate_header can overflow the uint16, if the _declared_ sizes of container sections are large. Currently there is no upper limit on container size in validation (there's only the indirect limit imposed by max_initcode_size), so there can be a large container, which has a subcontainer of size 0xffff, and will have it's `data_offset` not fit the uint16. We have 2 tests which happened to run into this, but the problem was masked (the data_offset was just really tiny, despite the container had a huge subcontainer, but it was never used, and the check for stray data wasn't affected by the overflow). I adjust them so (IMO) they still test what they're supposed to test, but not overflow.
ethereum · May 24, 2024 · 633f696 · 633f696
1 parent 7f65121
commit 633f696
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 10 deletions.
diff --git a/lib/evmone/eof.cpp b/lib/evmone/eof.cpp
@@ -296,6 +296,8 @@ std::variant<EOF1Header, EOFValidationError> validate_header(
         container_offsets.emplace_back(static_cast<uint16_t>(offset));
         offset += container_size;
     }
+    // NOTE: assertion always satisfied only as long as initcode limits apply (48K).
+    assert(offset <= std::numeric_limits<uint16_t>::max());
     const auto data_offset = static_cast<uint16_t>(offset);
 
     return EOF1Header{

diff --git a/test/unittests/eof_validation_test.cpp b/test/unittests/eof_validation_test.cpp
@@ -1205,9 +1205,12 @@ TEST_F(eof_validation, EOF1_subcontainer_containing_unreachable_code_sections)
 
 TEST_F(eof_validation, max_nested_containers)
 {
-    bytecode code = eof_bytecode(OP_INVALID);
-    while (code.size() <= std::numeric_limits<uint16_t>::max())
-        code = eof_bytecode(OP_INVALID).container(code);
-
+    bytecode code{};
+    bytecode nextcode = eof_bytecode(OP_INVALID);
+    while (nextcode.size() <= std::numeric_limits<uint16_t>::max())
+    {
+        code = nextcode;
+        nextcode = eof_bytecode(OP_INVALID).container(nextcode);
+    }
     add_test_case(code, EOFValidationError::success);
 }
diff --git a/test/unittests/state_transition_eof_create_test.cpp b/test/unittests/state_transition_eof_create_test.cpp
@@ -715,18 +715,18 @@ TEST_F(state_transition, eofcreate_not_enough_gas_for_initcode_charge)
 
     const auto init_code = returncontract(0, 0, 0);
     auto init_container = eof_bytecode(init_code, 2).container(deploy_container);
-    // add max size data
-    const auto init_data =
-        bytes(std::numeric_limits<uint16_t>::max() - bytecode(init_container).size(), 0);
-    init_container.data(init_data);
-    EXPECT_EQ(bytecode(init_container).size(), std::numeric_limits<uint16_t>::max());
+    const uint16_t init_data_size = std::numeric_limits<uint16_t>::max() / 2 -
+                                    static_cast<uint16_t>(bytecode(init_container).size());
+    const auto init_data = bytes(init_data_size, 0);
+    init_container.data(init_data, init_data_size);
+    EXPECT_EQ(bytecode(init_container).size(), std::numeric_limits<uint16_t>::max() / 2);
 
     const auto factory_code = sstore(0, eofcreate().container(0).salt(Salt)) + OP_STOP;
     const auto factory_container = eof_bytecode(factory_code, 4).container(init_container);
 
     tx.to = To;
     // tx intrinsic cost + EOFCREATE cost + initcode charge - not enough for pushes before EOFCREATE
-    tx.gas_limit = 21'000 + 32'000 + (std::numeric_limits<uint16_t>::max() + 31) / 32 * 6;
+    tx.gas_limit = 21'000 + 32'000 + (std::numeric_limits<uint16_t>::max() / 2 + 31) / 32 * 6;
 
     pre.insert(*tx.to, {.nonce = 1, .code = factory_container});