fix(EVM): Add overflow checks in JUMP and JUMPI opcodes (#1159)
0xVolosnikov authored Dec 20, 2024
1 parent c396c03 commit 0419d3e
Showing 2 changed files with 30 additions and 0 deletions.
20 changes: 20 additions & 0 deletions system-contracts/contracts/EvmEmulator.yul
@@ -2122,6 +2122,11 @@ object "EvmEmulator" {
let counter
counter, sp, stackHead := popStackItem(sp, stackHead)

// Counter certainly can't be bigger than uint64.
if gt(counter, MAX_UINT64()) {
panic()
}

ip := add(BYTECODE_OFFSET(), counter)

// Check next opcode is JUMPDEST
@@ -2147,6 +2152,11 @@ object "EvmEmulator" {
continue
}

// Counter certainly can't be bigger than uint64.
if gt(counter, MAX_UINT64()) {
panic()
}

ip := add(BYTECODE_OFFSET(), counter)

// Check next opcode is JUMPDEST
@@ -5250,6 +5260,11 @@ object "EvmEmulator" {
let counter
counter, sp, stackHead := popStackItem(sp, stackHead)

// Counter certainly can't be bigger than uint64.
if gt(counter, MAX_UINT64()) {
panic()
}

ip := add(BYTECODE_OFFSET(), counter)

// Check next opcode is JUMPDEST
@@ -5275,6 +5290,11 @@ object "EvmEmulator" {
continue
}

// Counter certainly can't be bigger than uint64.
if gt(counter, MAX_UINT64()) {
panic()
}

ip := add(BYTECODE_OFFSET(), counter)

// Check next opcode is JUMPDEST
10 changes: 10 additions & 0 deletions system-contracts/evm-emulator/EvmEmulatorLoop.template.yul
@@ -802,6 +802,11 @@ for { } true { } {
let counter
counter, sp, stackHead := popStackItem(sp, stackHead)

// Counter certainly can't be bigger than uint64.
if gt(counter, MAX_UINT64()) {
panic()
}

ip := add(BYTECODE_OFFSET(), counter)

// Check next opcode is JUMPDEST
@@ -827,6 +832,11 @@ for { } true { } {
continue
}

// Counter certainly can't be bigger than uint64.
if gt(counter, MAX_UINT64()) {
panic()
}

ip := add(BYTECODE_OFFSET(), counter)

// Check next opcode is JUMPDEST
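Review bot: The comment on the new guard in both the JUMP and JUMPI hunks, `// Counter certainly can't be bigger than uint64.`, reads as if the value were already bounded, but `counter` is popped straight from the EVM stack and is chosen by the executing bytecode, so the guard is the thing that enforces the bound. I would word it as `// counter is untrusted stack input: reject values above uint64 so add(BYTECODE_OFFSET(), counter) cannot wrap modulo 2^256`. The JUMPDEST check that follows continues outside both hunks, so it is not visible here whether `ip` is also compared with the end of the loaded bytecode; if it is not, a bound at the bytecode length would be tighter than `MAX_UINT64()`. The four copies of this guard in EvmEmulator.yul look generated from this template and carry the same comment. The commit touches only the two Yul files, so a regression test with a jump destination above 2^64 would be worth adding.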