Skip to content

Commit 9491c70

Browse files
GNSPSGNSPS
authored
Fix/critical bounds bug (#40)
* Push critical bounds check fix * Better conditions for bounds bug * Final fix to the bounds bug * Update slice tests to account for overflows
1 parent d36cc46 commit 9491c70

File tree

1 file changed

+100
-0
lines changed

1 file changed

+100
-0
lines changed

test/TestBytesLib2.sol

+100
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,8 @@ contract TestBytesLib2 {
1212
bytes storageCheckBytes = hex"aabbccddeeff";
1313
bytes storageCheckBytesZeroLength = hex"";
1414

15+
uint256 constant MAX_UINT = uint256(-1);
16+
1517
/**
1618
* Sanity Checks
1719
*/
@@ -98,6 +100,27 @@ contract TestBytesLib2 {
98100
(r, ) = address(this).call(abi.encodePacked(this.sliceIndexThrow.selector));
99101
Assert.isFalse(r, "Slicing with wrong index should throw");
100102

103+
(r, ) = address(this).call(abi.encodePacked(this.sliceOverflowLength0Throw.selector));
104+
Assert.isFalse(r, "Slicing with overflow in length and _start 0 should throw");
105+
106+
(r, ) = address(this).call(abi.encodePacked(this.sliceOverflowLength1Throw.selector));
107+
Assert.isFalse(r, "Slicing with overflow in length and _start 1 should throw");
108+
109+
(r, ) = address(this).call(abi.encodePacked(this.sliceOverflowLength33Throw.selector));
110+
Assert.isFalse(r, "Slicing with overflow in length and _start 33 should throw");
111+
112+
(r, ) = address(this).call(abi.encodePacked(this.sliceOverflowLengthMinus32Throw.selector));
113+
Assert.isFalse(r, "Slicing with overflow in length minus 32 and _start 1 should throw");
114+
115+
(r, ) = address(this).call(abi.encodePacked(this.sliceOverflowStart0Throw.selector));
116+
Assert.isFalse(r, "Slicing with overflow in _start and length 0 should throw");
117+
118+
(r, ) = address(this).call(abi.encodePacked(this.sliceOverflowStart1Throw.selector));
119+
Assert.isFalse(r, "Slicing with overflow in _start and length 1 should throw");
120+
121+
(r, ) = address(this).call(abi.encodePacked(this.sliceOverflowStart33Throw.selector));
122+
Assert.isFalse(r, "Slicing with overflow in _start and length 33 should throw");
123+
101124
(r, ) = address(this).call(abi.encodePacked(this.sliceLengthThrow.selector));
102125
Assert.isFalse(r, "Slicing with wrong length should throw");
103126
}
@@ -124,6 +147,83 @@ contract TestBytesLib2 {
124147
// This should throw;
125148
}
126149

150+
function sliceOverflowLength0Throw() public pure {
151+
bytes memory memBytes33 = hex"f00d0000000000000000000000000000000000000000000000000000000000feed";
152+
153+
bytes memory testBytes;
154+
bytes memory resultBytes;
155+
156+
testBytes = hex"f00d";
157+
resultBytes = memBytes33.slice(0, MAX_UINT);
158+
// This should throw;
159+
}
160+
161+
function sliceOverflowLength1Throw() public pure {
162+
bytes memory memBytes33 = hex"f00d0000000000000000000000000000000000000000000000000000000000feed";
163+
164+
bytes memory testBytes;
165+
bytes memory resultBytes;
166+
167+
testBytes = hex"f00d";
168+
resultBytes = memBytes33.slice(1, MAX_UINT);
169+
// This should throw;
170+
}
171+
172+
function sliceOverflowLength33Throw() public pure {
173+
bytes memory memBytes33 = hex"f00d0000000000000000000000000000000000000000000000000000000000feed";
174+
175+
bytes memory testBytes;
176+
bytes memory resultBytes;
177+
178+
testBytes = hex"f00d";
179+
resultBytes = memBytes33.slice(33, MAX_UINT);
180+
// This should throw;
181+
}
182+
183+
function sliceOverflowLengthMinus32Throw() public pure {
184+
bytes memory memBytes33 = hex"f00d0000000000000000000000000000000000000000000000000000000000feed";
185+
186+
bytes memory testBytes;
187+
bytes memory resultBytes;
188+
189+
testBytes = hex"f00d";
190+
resultBytes = memBytes33.slice(1, MAX_UINT - 32);
191+
// This should throw;
192+
}
193+
194+
function sliceOverflowStart0Throw() public pure {
195+
bytes memory memBytes33 = hex"f00d0000000000000000000000000000000000000000000000000000000000feed";
196+
197+
bytes memory testBytes;
198+
bytes memory resultBytes;
199+
200+
testBytes = hex"f00d";
201+
resultBytes = memBytes33.slice(MAX_UINT, 0);
202+
// This should throw;
203+
}
204+
205+
function sliceOverflowStart1Throw() public pure {
206+
bytes memory memBytes33 = hex"f00d0000000000000000000000000000000000000000000000000000000000feed";
207+
208+
bytes memory testBytes;
209+
bytes memory resultBytes;
210+
211+
testBytes = hex"f00d";
212+
resultBytes = memBytes33.slice(MAX_UINT, 1);
213+
// This should throw;
214+
}
215+
216+
function sliceOverflowStart33Throw() public pure {
217+
bytes memory memBytes33 = hex"f00d0000000000000000000000000000000000000000000000000000000000feed";
218+
219+
bytes memory testBytes;
220+
bytes memory resultBytes;
221+
222+
testBytes = hex"f00d";
223+
resultBytes = memBytes33.slice(MAX_UINT, 1);
224+
// This should throw;
225+
}
226+
127227
function testToUint8() public {
128228
bytes memory memBytes = hex"f00d20feed";
129229

0 commit comments

Comments
 (0)