Incorrect Buffer Size Passed to abi_encode()
#4188
Comments
I don't think there are security implications. In vyper/vyper/codegen/abi_encoder.py Line 169 in 7d28a50
Thus it seems that the only problem could be a crash. Assume vyper/vyper/codegen/external_call.py Lines 50 to 52 in 44bb281
ie,
i misformulated myself in the analysis here, but the conclusion should still hold
the problem is that we might not crash in that is can the outcome of this branch change?

```python
if bufsz < size_bound:  # pragma: nocover
    raise CompilerPanic("buffer provided to abi_encode not large enough")
```

```python
if fn_type.return_type is not None:
    return_abi_t = calculate_type_for_external_return(fn_type.return_type).abi_type
    # we use the same buffer for args and returndata,
    # so allocate enough space here for the returndata too.
    buflen = max(args_abi_t.size_bound(), return_abi_t.size_bound())
else:
    buflen = args_abi_t.size_bound()
```

and then for both paths, we do we know that
is
is
Version Information

`vyper --version` OR linkable commit hash vyperlang/vyper@): b43ffac

Issue Description
In `external_call.py` the function `_pack_arguments` encodes the arguments of the call as follows:

However, the buffer size passed is incorrect given that `buflen` is the length of the buffer allocated at `buf` but here the passed buffer starts at `buf + 32`.

No security implications were found for this issue.