Insufficient zero-padding bug for functions returning byte arrays of size < 16 #1563
What's your issue about?
A function whose return type is
For example, the
where the first 32 bytes (the first line) denote the header (the offset 32 = 0x20), the second 32 bytes (the second line) denote the length of the byte array (8), and the "
What happens is that the compiled bytecode of
it first copies the returned value (of 8 bytes) to some specific region of the memory, and puts only 8 bytes of zero-padding after that, instead of 24 bytes of zeros, which results in including some garbage values in the last 16 bytes. Indeed, in this particular case, the last 16 bytes (
To be more specific, in the following zero-padding LLL code of
the third argument of the
Indeed, the same problem happens in the
[This bug was privately reported on July 22, 2019, confirmed as not a security vulnerability, and made public here for transparency.]
To quickly reproduce the buggy behavior:
Also see: ethereum/eth2.0-specs#1341
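
An added example (not code from the issue or from the compiler it reports on): a Python check for the return-data layout described above, which flags a byte array whose padding inside the 32-byte word is not all zeros. The function names, the 8-byte sample value and the stale-memory bytes are constructed for illustration.

```python
WORD = 32  # size of one return-data word in bytes

def _padded_len(n: int) -> int:
    """Round n up to the next multiple of WORD."""
    return -(-n // WORD) * WORD

def encode_bytes_return(value: bytes) -> bytes:
    """Correct layout: offset word (0x20), length word, zero-padded data."""
    head = WORD.to_bytes(WORD, "big")
    length = len(value).to_bytes(WORD, "big")
    return head + length + value.ljust(_padded_len(len(value)), b"\x00")

def simulate_short_padding(value: bytes, zeroed: int, stale: bytes) -> bytes:
    """Model of the reported behaviour: only `zeroed` padding bytes are
    cleared, the rest of the word keeps stale memory (constructed here)."""
    tail = _padded_len(len(value)) - len(value) - zeroed
    if tail < 0 or len(stale) < tail:
        raise ValueError("inconsistent padding model")
    head = WORD.to_bytes(WORD, "big")
    length = len(value).to_bytes(WORD, "big")
    return head + length + value + b"\x00" * zeroed + stale[:tail]

def dirty_padding(returndata: bytes) -> bytes:
    """Return the padding bytes if any of them is non-zero, else b''."""
    if len(returndata) < 2 * WORD:
        raise ValueError("shorter than offset word + length word")
    offset = int.from_bytes(returndata[:WORD], "big")
    if offset + WORD > len(returndata):
        raise ValueError("offset points past the end of the return data")
    length = int.from_bytes(returndata[offset:offset + WORD], "big")
    start = offset + WORD
    end = start + _padded_len(length)
    if end > len(returndata):
        raise ValueError("data region is truncated")
    padding = returndata[start + length:end]
    return padding if any(padding) else b""

if __name__ == "__main__":
    value = bytes.fromhex("0102030405060708")   # constructed 8-byte value
    stale = bytes.fromhex("aa" * 16)            # constructed stale memory
    good = encode_bytes_return(value)
    bad = simulate_short_padding(value, zeroed=8, stale=stale)
    print("correct :", dirty_padding(good).hex() or "clean")
    print("reported:", dirty_padding(bad).hex())
```

Running `dirty_padding` over the raw return data of every function that returns a byte array shorter than 32 bytes makes a useful regression test, since a caller that hashes or compares the whole word would otherwise pick up the stale bytes.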