Incorrect struct array processing in sol compiler may cause solc stack overflow #4483

Closed
zhongyinglou opened this Issue Jul 11, 2018 · 2 comments

zhongyinglou commented Jul 11, 2018

Incorrect struct array processing in sol compiler may cause solc stack overflow, leading to possible local code exec

struct_array_mem_corruption.zip

@chriseth chriseth added this to Optional in 0.5.0 via automation Jul 11, 2018

@chriseth chriseth added the bug 🐛 label Jul 11, 2018

Contributor

chriseth commented Jul 11, 2018

The issue is that the compiler wants to compute the storage size of a recursive struct like the following:

contract C {
    struct S {
        S[2**20] x;
        int[2*650] y;
    }
    S[2*620] x;
}

We have checks to find out whether a struct is recursive, but it seems we somehow compute the size before doing the check.
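An added illustration of the ordering problem described in the comment above (not solc's code and not written by the issue participants): a toy C++ storage-size calculation that runs the recursion check before computing the size. The `Member`/`Structs` model and all function names are hypothetical, and only fixed-size array members are modelled.

```cpp
#include <cstdint>
#include <map>
#include <set>
#include <string>
#include <vector>

// Toy type model (hypothetical, not solc's classes). Every member is a
// fixed-size array: `count` elements of either a 1-slot int (`elem` empty)
// or of the struct named `elem`.
struct Member { std::string elem; uint64_t count; };
using Structs = std::map<std::string, std::vector<Member>>;

// DFS over struct-typed members; true if a struct reachable from `name`
// contains itself, i.e. its storage size would be infinite.
bool isRecursive(const Structs& defs, const std::string& name,
                 std::set<std::string>& path) {
    if (!path.insert(name).second) return true;  // already on this path
    for (const Member& m : defs.at(name))
        if (!m.elem.empty() && isRecursive(defs, m.elem, path)) return true;
    path.erase(name);
    return false;
}

// Plain recursive size computation. It terminates only on acyclic
// definitions, so it must never run before the check above.
uint64_t sizeUnchecked(const Structs& defs, const std::string& name) {
    uint64_t slots = 0;
    for (const Member& m : defs.at(name))
        slots += m.count * (m.elem.empty() ? 1 : sizeUnchecked(defs, m.elem));
    return slots;
}

// Check first, then compute: a recursive struct is rejected (returns false)
// instead of exhausting the native stack.
bool storageSize(const Structs& defs, const std::string& name, uint64_t& out) {
    std::set<std::string> path;
    if (isRecursive(defs, name, path)) return false;
    out = sizeUnchecked(defs, name);
    return true;
}

// Constructed sample: S mirrors the struct from the issue; T and U are acyclic.
Structs sampleDefs() {
    return {{"S", {{"S", 1u << 20}, {"", 2 * 650}}},
            {"T", {{"", 4}}},
            {"U", {{"T", 3}, {"", 2}}}};
}

int main() { uint64_t n; return storageSize(sampleDefs(), "S", n) ? 1 : 0; }
```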

@ekpyron ekpyron self-assigned this Jul 12, 2018

0.5.0 automation moved this from Optional to Done Jul 12, 2018

Author

zhongyinglou commented Nov 2, 2018

This vulnerability was found by security researcher limingzheng from China Beijing Chainsguard (www.chainsguard.com).
