Incorrect struct array processing in sol compiler may cause solc stack overflow #4483

Closed
zhongyinglou opened this issue Jul 11, 2018 · 2 comments

@zhongyinglou zhongyinglou commented Jul 11, 2018

Incorrect struct array processing in sol compiler may cause solc stack overflow, leading to possible local code exec

struct_array_mem_corruption.zip

@chriseth chriseth added this to Optional in 0.5.0 via automation Jul 11, 2018

@chriseth chriseth commented Jul 11, 2018

The issue is that the compiler wants to compute the storage size of a recursive struct like the following:

contract C {
    struct S {
        S[2**20] x;
        int[2*650] y;
    }
    S[2*620] x;
}

We have checks to find out whether a struct is recursive, but it seems we somehow compute the size before doing the check.

@ekpyron ekpyron self-assigned this Jul 12, 2018
0.5.0 automation moved this from Optional to Done Jul 12, 2018
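
The ordering problem described in the comment above, as an added example that is not solc's code or part of the original thread: a C++ sketch that runs the recursion check before the size computation, so a struct like `S` is rejected instead of recursing without bound. The toy type model and all names (`Member`, `Structs`, `isRecursive`, `sizeUnchecked`, `storageSize`) are assumptions made for illustration.

```cpp
#include <cstdint>
#include <iostream>
#include <map>
#include <set>
#include <string>
#include <vector>

// Hypothetical toy model, not solc's AST: every member is a fixed-size array
// of 32-byte words (empty structName) or of a named struct.
struct Member { std::string structName; uint64_t length; };
using Structs = std::map<std::string, std::vector<Member>>;

// DFS cycle check: true if a cycle of fixed-size arrays is reachable from `name`.
bool isRecursive(const Structs& defs, const std::string& name,
                 std::set<std::string>& onPath) {
    if (!onPath.insert(name).second) return true;  // name is already on this path
    for (const Member& m : defs.at(name))
        if (!m.structName.empty() && isRecursive(defs, m.structName, onPath))
            return true;
    onPath.erase(name);
    return false;
}

// Terminates only on acyclic definitions; on a recursive struct it would
// recurse until the stack is exhausted. Assumes results fit in 64 bits.
uint64_t sizeUnchecked(const Structs& defs, const std::string& name) {
    uint64_t slots = 0;
    for (const Member& m : defs.at(name))
        slots += m.length * (m.structName.empty() ? 1 : sizeUnchecked(defs, m.structName));
    return slots;
}

// Guarded entry point: the recursion check runs before any size computation.
bool storageSize(const Structs& defs, const std::string& name, uint64_t& slots) {
    std::set<std::string> onPath;
    if (isRecursive(defs, name, onPath)) return false;
    slots = sizeUnchecked(defs, name);
    return true;
}

int main() {
    Structs defs;  // struct S from the comment above: S[2**20] x; int[2*650] y;
    defs["S"] = std::vector<Member>{Member{"S", 1u << 20}, Member{"", 1300}};
    uint64_t slots = 0;
    std::cout << (storageSize(defs, "S", slots) ? "size computed" : "rejected: recursive struct") << "\n";
}
```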

@zhongyinglou zhongyinglou commented Nov 2, 2018

This vulnerability was found by security researcher limingzheng from China Beijing Chainsguard (www.chainsguard.com).
