Do not crash on invalid indexed access

ethereum · Sep 26, 2018 · af92198 · af92198
1 parent c9eaccb
commit af92198
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 14 deletions.
diff --git a/libsolidity/analysis/TypeChecker.cpp b/libsolidity/analysis/TypeChecker.cpp
@@ -2280,15 +2280,17 @@ bool TypeChecker::visit(IndexAccess const& _access)
 			resultType = make_shared<TypeType>(make_shared<ArrayType>(DataLocation::Memory, typeType.actualType()));
 		else
 		{
-			expectType(*index, IntegerType(256));
-			if (auto length = dynamic_cast<RationalNumberType const*>(type(*index).get()))
-				resultType = make_shared<TypeType>(make_shared<ArrayType>(
-					DataLocation::Memory,
-					typeType.actualType(),
-					length->literalValue(nullptr)
-				));
-			else
+			if (!expectType(*index, IntegerType(256)))
 				m_errorReporter.fatalTypeError(index->location(), "Integer constant expected.");
+
+			auto length = dynamic_cast<RationalNumberType const*>(type(*index).get());
+			solAssert(length, "");
+
+			resultType = make_shared<TypeType>(make_shared<ArrayType>(
+				DataLocation::Memory,
+				typeType.actualType(),
+				length->literalValue(nullptr)
+			));
 		}
 		break;
 	}
@@ -2299,10 +2301,14 @@ bool TypeChecker::visit(IndexAccess const& _access)
 			m_errorReporter.typeError(_access.location(), "Index expression cannot be omitted.");
 		else
 		{
-			expectType(*index, IntegerType(256));
-			if (auto integerType = dynamic_cast<RationalNumberType const*>(type(*index).get()))
-				if (bytesType.numBytes() <= integerType->literalValue(nullptr))
-					m_errorReporter.typeError(_access.location(), "Out of bounds array access.");
+			if (!expectType(*index, IntegerType(256)))
+				m_errorReporter.fatalTypeError(_access.location(), "Integer constant expected.");
+
+			auto integerType = dynamic_cast<RationalNumberType const*>(type(*index).get());
+			solAssert(integerType, "");
+
+			if (bytesType.numBytes() <= integerType->literalValue(nullptr))
+				m_errorReporter.typeError(_access.location(), "Out of bounds array access.");
 		}
 		resultType = make_shared<FixedBytesType>(1);
 		isLValue = false; // @todo this heavily depends on how it is embedded
@@ -2470,7 +2476,7 @@ Declaration const& TypeChecker::dereference(UserDefinedTypeName const& _typeName
 	return *_typeName.annotation().referencedDeclaration;
 }
 
-void TypeChecker::expectType(Expression const& _expression, Type const& _expectedType)
+bool TypeChecker::expectType(Expression const& _expression, Type const& _expectedType)
 {
 	_expression.accept(*this);
 	if (!type(_expression)->isImplicitlyConvertibleTo(_expectedType))
@@ -2499,7 +2505,9 @@ void TypeChecker::expectType(Expression const& _expression, Type const& _expecte
 				_expectedType.toString() +
 				"."
 			);
+		return false;
 	}
+	return true;
 }
 
 void TypeChecker::requireLValue(Expression const& _expression)

diff --git a/libsolidity/analysis/TypeChecker.h b/libsolidity/analysis/TypeChecker.h
@@ -143,7 +143,7 @@ class TypeChecker: private ASTConstVisitor
 
 	/// Runs type checks on @a _expression to infer its type and then checks that it is implicitly
 	/// convertible to @a _expectedType.
-	void expectType(Expression const& _expression, Type const& _expectedType);
+	bool expectType(Expression const& _expression, Type const& _expectedType);
 	/// Runs type checks on @a _expression to infer its type and then checks that it is an LValue.
 	void requireLValue(Expression const& _expression);