
Nested contract creation calls give segmentation fault. #179

Open
mtbar131 opened this issue Jul 24, 2018 · 1 comment

We are trying to build a cpp-ethereum-like client by using evmjit. However, we are getting segmentation faults when handling a contract creation request which contains bytecode to create another contract.

We have written our callback functions as specified in the evmc_context_fn_table structure. When we receive a request which contains bytecode for nested contract creation, the flow goes as follows (verified with gdb):

  1. Our code first calls the execute function on evmjit, which goes to the execute function defined in JIT.cpp:403 (this is the top-level contract creation call).
  2. The execute function processes the request and internally calls the call function in JIT.cpp:174.
  3. The call function calls our callback function (defined by the function pointer evm_call_fn) and also passes a new, uninitialized evm_result object to our callback function.
  4. Now we do some pre-processing on our side and again call the execute function on evmjit (this is the nested contract creation call).
  5. This time the execute function completes without going to the call function, but at the end of the execute function it stores the pointer to ctx.m_memData in the optional data field of evm_result. However, note that this was a contract creation call, and the optional data uses the create_address field.
  6. When the execute call returns to our callback with successful execution, we set the address of the newly created contract in the create_address field of the evm_result object. But this overwrites the already stored pointer value.
  7. Our callback returns to the call function at JIT.cpp:174. This function continues until line 220, where it tries to release the resources of the evm_result object, but the std::free call obviously fails because the value stored in the optional data of evm_result is not a valid pointer.

This causes the segmentation fault, and even if you somehow avoid segmentation faults it causes memory leaks too, because the actual ctx.m_memData was never released. Currently we avoid this segmentation fault by calling release on the result object before writing the create_address field in our callback (step 6); however, this is against the evmjit principles that:
  1. the evm_result object owner should call release on it
  2. the object should not be used after calling release on it.
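To make the aliasing described in steps 5 to 7 concrete, here is an added C example (not code from the issue or from evmjit) that models the shared slot with a union: the buggy layout shows the host's create_address write clobbering the pointer the executor stashed there, and a wrapper layout keeps the owning pointer where the host cannot reach it. The struct layout, field names and sample address are assumptions of the example, not the real evmjit/EVMC header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model of the layout the report describes (an assumption of this example, not
 * the real evmjit/EVMC header): the host's create_address and the executor's private
 * buffer pointer share one union slot. */
typedef struct { uint8_t bytes[20]; } evm_address;
struct evm_result {
    uint8_t const* output_data;
    union {
        void* pointer;               /* executor stashes its ctx.m_memData here */
        evm_address create_address;  /* host writes the new contract's address here */
    } optional_data;
};

/* Host callback (step 6 in the report): report the created contract's address. */
static void host_set_create_address(struct evm_result* r, const evm_address* a) {
    r->optional_data.create_address = *a;
}

/* Buggy pattern: executor remembers its heap buffer in the shared slot, host then writes
 * create_address. Returns 1 if the pointer survived, 0 if it was clobbered. */
int pointer_survives_create_address(void) {
    struct evm_result r;
    evm_address addr; memset(addr.bytes, 0x42, sizeof addr.bytes); /* constructed sample */
    uint8_t* mem = calloc(64, 1);                   /* stands in for ctx.m_memData */
    r.output_data = mem;
    r.optional_data.pointer = mem;
    host_set_create_address(&r, &addr);
    int intact = (r.optional_data.pointer == mem);
    free(mem);                    /* free the real buffer, never the clobbered slot */
    return intact;
}

/* Fixed pattern: ownership data lives outside the union, in a wrapper the host never
 * touches, so release stays valid whatever the host writes into evm_result. */
struct owned_result { struct evm_result pub; uint8_t* mem; };
int owning_pointer_survives_create_address(void) {
    struct owned_result w;
    evm_address addr; memset(addr.bytes, 0x42, sizeof addr.bytes);
    w.mem = calloc(64, 1);
    w.pub.output_data = w.mem;
    host_set_create_address(&w.pub, &addr);
    int intact = (w.mem == w.pub.output_data);    /* owning pointer untouched */
    free(w.mem);
    return intact;
}
```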

@axic axic added the bug label Aug 27, 2018
chfast (Collaborator) commented Sep 3, 2018

Sorry, I don't have time now to take care of it. Why do you use it anyway?
