[ABI] Out-of-bound access fixed #1872

Merged
merged 4 commits into from Jul 18, 2023


hyunsooda
Contributor

Proposed changes

A loop that unpacks a dynamic type (e.g., string, bytes, etc.) with a fixed-size array type did not account for the offset boundary. This modification resolves a crash caused by a buffer overrun and includes the addition of a new test case.

panic: runtime error: slice bounds out of range [4095:544] [recovered]
        panic: runtime error: slice bounds out of range [4095:544]

goroutine 31 [running]:
testing.tRunner.func1.2({0x77d8a0, 0xc00014bad0})
        /usr/local/go/src/testing/testing.go:1526 +0x24e
testing.tRunner.func1()
        /usr/local/go/src/testing/testing.go:1529 +0x39f
panic({0x77d8a0, 0xc00014bad0})
        /usr/local/go/src/runtime/panic.go:884 +0x213
github.com/klaytn/klaytn/accounts/abi.toGoType(0x20, {0xc00026a680, 0x3, 0x5, {0xc0002720f0, 0x9}, {0x0, 0x0}, {0x0, 0x0, ...}, ...}, ...)
        fuzzing/klaytn/accounts/abi/unpack.go:234 +0xa85
github.com/klaytn/klaytn/accounts/abi.Arguments.UnpackValues({0xc0002658c0?, 0x2, 0x416e3a?}, {0xc000140480, 0x220, 0x480})
        fuzzing/klaytn/accounts/abi/argument.go:184 +0x2f8
github.com/klaytn/klaytn/accounts/abi.Arguments.Unpack({0xc0002658c0, 0x2, 0x4}, {0x72a900?, 0xc000169100?}, {0xc000140480?, 0x0?, 0xa6d5a0?})
        fuzzing/klaytn/accounts/abi/argument.go:90 +0x129
github.com/klaytn/klaytn/accounts/abi.ABI.Unpack({{{0x0, 0x0}, {0x0, 0x0}, 0x0, {0xc000272000, 0xa}, 0x0, 0x0, {0xa6d5a0, ...}, ...}, ...}, ...)
        fuzzing/klaytn/accounts/abi/abi.go:98 +0x2de
github.com/klaytn/klaytn/accounts/abi.TestUnpackEventOffsetBound(0xc00023b040)
        fuzzing/klaytn/accounts/abi/abi_test.go:800 +0x250
testing.tRunner(0xc00023b040, 0x7da9e0)
        /usr/local/go/src/testing/testing.go:1576 +0x10b
created by testing.(*T).Run
        /usr/local/go/src/testing/testing.go:1629 +0x3ea

I investigated the possibility of users providing arbitrary input to the Unpack() function in the network and RPC packages. However, I found that there is currently no such gateway available, as all of the Unpack() usages are hardcoded.

Types of changes

Please put an x in the boxes related to your change.

  • Bugfix
  • New feature or enhancement
  • Others

Checklist

Put an x in the boxes that apply. You can also fill these out after creating the PR. If you're unsure about any of them, don't hesitate to ask. We're here to help! This is simply a reminder of what we are going to look for before merging your code.

  • I have read the CONTRIBUTING GUIDELINES doc
  • I have signed the CLA
  • Lint and unit tests pass locally with my changes ($ make test)
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)
  • Any dependent changes have been merged and published in downstream modules

Related issues

  • Please leave the issue numbers or links related to this PR here.

Further comments

If this is a relatively large or complex change, kick off the discussion by explaining why you chose the solution you did and what alternatives you considered, etc...
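
The failure mode described in this PR (an offset read from the encoded input and used as a slice index without a boundary check), shown as an added example that is not the klaytn code or this PR's patch. The names `wordAt`, `ReadDynamicBytes` and `constructedInput` are hypothetical, and the 544-byte input with offset 4095 is constructed to mirror the panic above:

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
)

var errOutOfBounds = errors.New("abi: offset or length outside input")

// wordAt reads the 32-byte big-endian word at data[at:at+32]; it must be <= limit.
func wordAt(data []byte, at, limit int) (int, error) {
	if at < 0 || at > len(data)-32 {
		return 0, errOutOfBounds
	}
	v := new(big.Int).SetBytes(data[at : at+32])
	if !v.IsInt64() || v.Int64() > int64(limit) {
		return 0, errOutOfBounds
	}
	return int(v.Int64()), nil
}

// ReadDynamicBytes decodes a bytes/string value whose head slot at
// data[head:head+32] holds the offset of a length word followed by the payload.
func ReadDynamicBytes(data []byte, head int) ([]byte, error) {
	off, err := wordAt(data, head, len(data)-32) // room for the length word
	if err != nil {
		return nil, err
	}
	n, err := wordAt(data, off, len(data)-off-32) // payload ends inside data
	if err != nil {
		return nil, err
	}
	return data[off+32 : off+32+n], nil
}

// constructedInput builds a 544-byte sample: offset in slot 0, payload if it fits.
func constructedInput(offset int64, payload string) []byte {
	data := make([]byte, 544)
	big.NewInt(offset).FillBytes(data[0:32])
	if int(offset)+32+len(payload) <= len(data) {
		big.NewInt(int64(len(payload))).FillBytes(data[offset : offset+32])
		copy(data[offset+32:], payload)
	}
	return data
}

func main() {
	fmt.Println(ReadDynamicBytes(constructedInput(4095, "x"), 0))
}
```

With the two limit checks removed, the final slice expression would panic on the first input with a "slice bounds out of range" runtime error instead of returning an error to the caller.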

blukat29
blukat29 previously approved these changes Jun 30, 2023
Contributor

@blukat29 blukat29 left a comment

Thanks! LGTM except minor

@hyunsooda
Contributor Author

@blukat29, refactored. PTAL. Thanks.

blukat29
blukat29 previously approved these changes Jul 4, 2023
aidan-kwon
aidan-kwon previously approved these changes Jul 17, 2023
@blukat29 blukat29 merged commit 5e2095c into klaytn:dev Jul 18, 2023
11 checks passed
@JayChoi1736 JayChoi1736 mentioned this pull request Jul 24, 2023
20 tasks