From a5b5f88fe2a2f4c7968dbcad977895299391282d Mon Sep 17 00:00:00 2001
From: Anna Shaleva
Date: Mon, 6 Jun 2022 11:41:28 +0300
Subject: [PATCH 1/2] core: doesn't allow to deploy contract with invalid method offset
This commit partially reverts 16bf7c1426bb88b371b08a26abb911fd953556ce.
---
 pkg/core/native/management.go | 2 +-
 pkg/core/native/native_test/management_test.go | 12 ++----------
 2 files changed, 3 insertions(+), 11 deletions(-)
diff --git a/pkg/core/native/management.go b/pkg/core/native/management.go
index eee25bef6..3adc703ed 100644
--- a/pkg/core/native/management.go
+++ b/pkg/core/native/management.go
@@ -614,7 +614,7 @@ func checkScriptAndMethods(script []byte, methods []manifest.Method) error {
 offsets := bitfield.New(l)
 for i := range methods {
 if methods[i].Offset >= l {
- continue
+ return fmt.Errorf("method %s/%d: offset is out of the script range", methods[i].Name, len(methods[i].Parameters))
 }
 offsets.Set(methods[i].Offset)
 }
diff --git a/pkg/core/native/native_test/management_test.go b/pkg/core/native/native_test/management_test.go
index 4f2eb3507..ffbc9f37a 100644
--- a/pkg/core/native/native_test/management_test.go
+++ b/pkg/core/native/native_test/management_test.go
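Review bot: Only the upper bound is tested before `offsets.Set(methods[i].Offset)` in checkScriptAndMethods (pkg/core/native/management.go). If Offset is a signed integer and nothing earlier in the deploy path rejects negative values (neither is visible in this hunk), a negative offset taken from the submitted manifest would still reach the bitfield. I would make the guard cover both sides, `if methods[i].Offset < 0 || methods[i].Offset >= l {`, so this function is safe on its own rather than relying on prior manifest validation. The function starts and ends outside the hunk, so any later use of `offsets` is not reviewed here.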
@@ -135,19 +135,11 @@ func TestManagement_ContractDeploy(t *testing.T) {
 badManifest := cs1.Manifest
 badManifest.ABI.Methods = make([]manifest.Method, len(cs1.Manifest.ABI.Methods))
 copy(badManifest.ABI.Methods, cs1.Manifest.ABI.Methods)
- badManifest.ABI.Methods[0].Offset = 100500 // out of bounds, but it's OK, this method will not be checked then.
+ badManifest.ABI.Methods[0].Offset = 100500 // out of bounds
 manifB, err := json.Marshal(&badManifest)
 require.NoError(t, err)
- tx := c.PrepareInvokeNoSign(t, "deploy", nefBytes, manifB)
- tx.Signers = []transaction.Signer{{}} // Need dummy signer to deploy.
- b := c.NewUnsignedBlock(t, tx)
- ic := c.Chain.GetTestVM(trigger.Application, tx, b)
- t.Cleanup(ic.Finalize)
-
- ic.VM.LoadWithFlags(tx.Script, callflag.All)
- err = ic.VM.Run()
- require.NoError(t, err)
+ managementInvoker.InvokeFail(t, "method add/2: offset is out of the script range", "deploy", nefBytes, manifB)
 })
 t.Run("bad methods in manifest 2", func(t *testing.T) {
 var badManifest = cs1.Manifest
From 1005c1f7dbb0f2d96c48e3d9e314d072f72bde5d Mon Sep 17 00:00:00 2001
From: Anna Shaleva
Date: Mon, 6 Jun 2022 11:52:26 +0300
Subject: [PATCH 2/2] vm: forbid jumping out of the script bounds
---
 pkg/vm/context.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/vm/context.go b/pkg/vm/context.go
index c468e115e..5cdbf9a4c 100644
--- a/pkg/vm/context.go
+++ b/pkg/vm/context.go
@@ -91,7 +91,7 @@ func (c *Context) NextIP() int {
 // Jump unconditionally moves the next instruction pointer to the specified location.
 func (c *Context) Jump(pos int) {
- if pos < 0 || pos > len(c.prog) {
+ if pos < 0 || pos >= len(c.prog) {
 panic("instruction offset is out of range")
 }
 c.nextip = pos
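Review bot: The rewritten sub-case in TestManagement_ContractDeploy (management_test.go) still uses only `Offset = 100500`, a value far past the script, so the boundary that the new deploy check draws is not exercised. A sibling sub-case that sets the offset to exactly the script length, the first value that must be rejected, and expects the same "offset is out of the script range" failure would pin the `>=` comparison. A negative offset case would also show which layer rejects it. The test function continues outside the hunk.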
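Review bot: The doc comment on Jump in pkg/vm/context.go still describes only the move of the instruction pointer, while the new condition makes `pos == len(c.prog)` a panic as well. I would state the contract next to it, e.g. `// It panics if pos is negative or not less than the script length.` The diffstat for this patch lists only context.go, so no test pins the boundary; a small case asserting that Jump at exactly the script length panics and that the last in-range offset is accepted would guard against the comparison slipping back to `>`. With an empty script every position is now rejected, which is presumably intended but worth confirming against callers. Jump's body continues past the end of the hunk.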