Skip to content
Permalink
Browse files Browse the repository at this point in the history
Fix length checking overflow in EVM revert reason parsing (#820)
* Fix length checking overflow in EVM revert reason parsing

* Remove unused debug_assert
  • Loading branch information
sorpaas committed Aug 15, 2022
1 parent ef75c42 commit fff8cc4
Showing 1 changed file with 11 additions and 4 deletions.
15 changes: 11 additions & 4 deletions client/rpc/src/eth/execute.rs
Expand Up @@ -31,6 +31,7 @@ use sp_blockchain::{BlockStatus, HeaderBackend};
use sp_runtime::{
generic::BlockId,
traits::{BlakeTwo256, Block as BlockT},
SaturatedConversion,
};

use fc_rpc_core::types::*;
Expand Down Expand Up @@ -688,13 +689,19 @@ pub fn error_on_execution_failure(reason: &ExitReason, data: &[u8]) -> Result<()
))
}
ExitReason::Revert(_) => {
const LEN_START: usize = 36;
const MESSAGE_START: usize = 68;

let mut message = "VM Exception while processing transaction: revert".to_string();
// A minimum size of error function selector (4) + offset (32) + string length (32)
// should contain a utf-8 encoded revert reason.
if data.len() > 68 {
let message_len = data[36..68].iter().sum::<u8>();
if data.len() >= 68 + message_len as usize {
let body: &[u8] = &data[68..68 + message_len as usize];
if data.len() > MESSAGE_START {
let message_len =
U256::from(&data[LEN_START..MESSAGE_START]).saturated_into::<usize>();
let message_end = MESSAGE_START.saturating_add(message_len);

if data.len() >= message_end {
let body: &[u8] = &data[MESSAGE_START..message_end];
if let Ok(reason) = std::str::from_utf8(body) {
message = format!("{} {}", message, reason);
}
Expand Down

0 comments on commit fff8cc4

Please sign in to comment.