You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We are trying to build a cpp-ethereum like client by using evmjit. However, we are getting segmentation faults when handling a contract creation request which contains bytecode to create another contract.
We have written our callback functions as specified in evmc_context_fn_table structure. When we receive a request which contains a bytecode for nested contract creation the flow goes as follows (verified with gdb):
Our code first calls execute function on evmjit which goes to execute function defined in JIT.cpp:403(This is the top level contract creation call) .
execute function processes the requests and internally calls the function call in JIT.cpp:174.
The call function calls our callback function (defined by the function pointer evm_call_fn) and it also passed a new un-initialized evm_result object to our callback function.
Now we do some pre-processing on our side and again call the execute function on evmjit (This is the nested contract creation call).
This time the execute function completes without going to call function but at the end of execute function it sets the pointer to the ctx.m_memData into optional data field of evm_result. However, note here that this was a contract creation call and optional data uses the create_address field.
When the execute call returns to our callback with successful execution, we set the address of newly created contract into the create_address field of evm_result object. But this over-writes the already stored pointer value
our callback returns to the call function at JIT.cpp:174. This function continues till line 220 where it tries to release the resources of evm_result object but the std::free call obviously fails because value stored in optional data of evm_result is not a valid pointer.
This causes the segmentation fault and even if you somehow avoid segmentation faults it causes memory leaks too because actual ctx.m_memData was never released. Currently we avoid this segmentation fault by calling release on result object before writing create_address field in our callback (step 6), however this is against the evmjit principles that:
1.evm_result object owner should call release on it
2. the object should not be used after calling release on it.
The text was updated successfully, but these errors were encountered:
We are trying to build a
cpp-ethereum
like client by using evmjit. However, we are getting segmentation faults when handling a contract creation request which contains bytecode to create another contract.We have written our callback functions as specified in
evmc_context_fn_table
structure. When we receive a request which contains a bytecode for nested contract creation the flow goes as follows (verified with gdb):execute
function onevmjit
which goes toexecute
function defined inJIT.cpp:403
(This is the top level contract creation call) .execute
function processes the requests and internally calls the functioncall
inJIT.cpp:174
.call
function calls our callback function (defined by the function pointerevm_call_fn
) and it also passed a new un-initializedevm_result
object to our callback function.execute
function on evmjit (This is the nested contract creation call).execute
function completes without going tocall
function but at the end ofexecute
function it sets the pointer to thectx.m_memData
into optional data field ofevm_result
. However, note here that this was a contract creation call and optional data uses thecreate_address
field.execute
call returns to our callback with successful execution, we set the address of newly created contract into thecreate_address
field ofevm_result
object. But this over-writes the already stored pointer valuecall
function atJIT.cpp:174
. This function continues till line 220 where it tries torelease
the resources ofevm_result
object but thestd::free
call obviously fails because value stored in optional data ofevm_result
is not a valid pointer.This causes the segmentation fault and even if you somehow avoid segmentation faults it causes memory leaks too because actual
ctx.m_memData
was never released. Currently we avoid this segmentation fault by callingrelease
on result object before writingcreate_address
field in our callback (step 6), however this is against the evmjit principles that:1.
evm_result
object owner should callrelease
on it2. the object should not be used after calling
release
on it.The text was updated successfully, but these errors were encountered: