From 0a956345433c174cc087c53c73f6c75b29bb1877 Mon Sep 17 00:00:00 2001 From: chriseth Date: Tue, 21 Apr 2015 20:09:20 +0200 Subject: [PATCH] Fix regarding memory overwrite during sha3 computation. --- libsolidity/ExpressionCompiler.cpp | 13 +++++++++---- test/libsolidity/SolidityEndToEndTest.cpp | 20 +++++++++++++++++++- 2 files changed, 28 insertions(+), 5 deletions(-) diff --git a/libsolidity/ExpressionCompiler.cpp b/libsolidity/ExpressionCompiler.cpp index a11c99443..8c07fbd19 100644 --- a/libsolidity/ExpressionCompiler.cpp +++ b/libsolidity/ExpressionCompiler.cpp @@ -531,9 +531,12 @@ bool ExpressionCompiler::visit(FunctionCall const& _functionCall) break; case Location::SHA3: { - m_context << u256(0); + // we might compute a sha as part of argumentsAppendCopyToMemory, this is only a hack + // and should be removed once we have a real free memory pointer + m_context << u256(0x40); appendArgumentsCopyToMemory(arguments, TypePointers(), function.padArguments(), false, true); - m_context << u256(0) << eth::Instruction::SHA3; + m_context << u256(0x40) << eth::Instruction::SWAP1 << eth::Instruction::SUB; + m_context << u256(0x40) << eth::Instruction::SHA3; break; } case Location::Log0: @@ -574,7 +577,8 @@ bool ExpressionCompiler::visit(FunctionCall const& _functionCall) } solAssert(numIndexed <= 4, "Too many indexed arguments."); // Copy all non-indexed arguments to memory (data) - m_context << u256(0); + // Memory position is only a hack and should be removed once we have free memory pointer. + m_context << u256(0x40); vector> nonIndexedArgs; TypePointers nonIndexedTypes; for (unsigned arg = 0; arg < arguments.size(); ++arg) @@ -584,7 +588,8 @@ bool ExpressionCompiler::visit(FunctionCall const& _functionCall) nonIndexedTypes.push_back(function.getParameterTypes()[arg]); } appendArgumentsCopyToMemory(nonIndexedArgs, nonIndexedTypes); - m_context << u256(0) << eth::logInstruction(numIndexed); + m_context << u256(0x40) << eth::Instruction::SWAP1 << eth::Instruction::SUB; + m_context << u256(0x40) << eth::logInstruction(numIndexed); break; } case Location::BlockHash: diff --git a/test/libsolidity/SolidityEndToEndTest.cpp b/test/libsolidity/SolidityEndToEndTest.cpp index d6a240f0e..596f710b9 100644 --- a/test/libsolidity/SolidityEndToEndTest.cpp +++ b/test/libsolidity/SolidityEndToEndTest.cpp @@ -2378,7 +2378,7 @@ BOOST_AUTO_TEST_CASE(event_really_lots_of_data_from_storage) callContractFunction("deposit()"); BOOST_REQUIRE_EQUAL(m_logs.size(), 1); BOOST_CHECK_EQUAL(m_logs[0].address, m_contractAddress); - BOOST_CHECK(m_logs[0].data == encodeArgs(10, 4, 15) + asBytes("ABC")); + BOOST_CHECK(m_logs[0].data == encodeArgs(10, 3, 15) + asBytes("ABC")); BOOST_REQUIRE_EQUAL(m_logs[0].topics.size(), 1); BOOST_CHECK_EQUAL(m_logs[0].topics[0], dev::sha3(string("Deposit(uint256,bytes,uint256)"))); } @@ -2471,6 +2471,24 @@ BOOST_AUTO_TEST_CASE(sha3_multiple_arguments_with_string_literals) bytes{0x66, 0x6f, 0x6f}))); } +BOOST_AUTO_TEST_CASE(sha3_with_bytes) +{ + char const* sourceCode = R"( + contract c { + bytes data; + function foo() returns (bool) + { + data.length = 3; + data[0] = "f"; + data[1] = "o"; + data[2] = "o"; + return sha3(data) == sha3("foo"); + } + })"; + compileAndRun(sourceCode); + BOOST_CHECK(callContractFunction("foo()") == encodeArgs(true)); +} + BOOST_AUTO_TEST_CASE(generic_call) { char const* sourceCode = R"**(