-
Notifications
You must be signed in to change notification settings - Fork 302
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
baseline: Fix incorrect exit after invalid jump #370
Conversation
2da37e8
to
07deca0
Compare
50911d4
to
2050135
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, but I would still do something like
std::fill_n(padded_code.get() + code_size, i + 1 - code_size, uint8_t{OP_STOP});
instead.
The overhead is probably low, while it's a guarantee against inconsistent behaviour across different platforms.
Codecov Report
@@ Coverage Diff @@
## release/0.8.0 #370 +/- ##
==============================================
Coverage 99.78% 99.78%
==============================================
Files 30 30
Lines 4144 4153 +9
==============================================
+ Hits 4135 4144 +9
Misses 9 9
Flags with carried forward coverage won't be shown. Click here to find out more.
|
Sounds reasonable, but I have slight preference not to be too defensive. The other bytes may only be used by a PUSH instruction and the very end and the values are not observable. If I'm wrong some fuzzing my discover this what is also good. I also had some issues with We also plan to use fixed-size padding with zeros because it allows single allocation instead of 2 (see TODO comment). So I'm not sure the |
Sure, fair enough, it's good as is now, especially given that you're going to revisit this code. |
To handle invalid jump the implementation targets the byte just after the official code length. For padded code this byte may be uninitialized push data causing unpredictable behavior. The fix is to also init this byte to OP_STOP.
To handle invalid jump the implementation targets the byte just after
the official code length. For padded code this byte may be uninitialized
push data causing unpredictable behavior. The fix is to also init this
byte to OP_STOP.
The bug was detected in erigontech/silkworm#305.
Here two simple unit tests were added which are able to detect the core issue in MSVC/ASan/memcheck builds.