codex-storage
/
constantine
mirror of https://github.com/codex-storage/constantine.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fuzz failure 5-3: Nim inclusive stops :/ (#267)

This commit is contained in:
Mamy Ratsimbazafy 2023-09-09 09:20:01 +02:00 committed by GitHub
parent 1ad8499ae5
commit f3a5f352b8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 35 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
constantine/math_arbitrary_precision/arithmetic/bigints_views.nim
View File

@ -168,14 +168,14 @@ func powMod_vartime*(
let qWords = qBits.wordsRequired()
let pWords = pBits.wordsRequired()
var qBuf = allocStackArray(SecretWord, M.len)
var a1Buf = allocStackArray(SecretWord, M.len)
var qBuf = allocStackArray(SecretWord, qWords)
var a1Buf = allocStackArray(SecretWord, qWords)
var a2Buf = allocStackArray(SecretWord, pWords)
var yBuf = allocStackArray(SecretWord, pWords)
var qInv2kBuf = allocStackArray(SecretWord, pWords)
template q: untyped = qBuf.toOpenArray(0, M.len-1) # TODO use qWords instead of M.len
template a1: untyped = a1Buf.toOpenArray(0, M.len-1)
template q: untyped = qBuf.toOpenArray(0, qWords-1)
template a1: untyped = a1Buf.toOpenArray(0, qWords-1)
template a2: untyped = a2Buf.toOpenArray(0, pWords-1)
template y: untyped = yBuf.toOpenArray(0, pWords-1)
template qInv2k: untyped = qInv2kBuf.toOpenArray(0, pWords-1)

31
tests/t_ethereum_evm_modexp.nim
View File

@ -73,6 +73,37 @@ suite "EVM ModExp precompile (EIP-198)":
doAssert status == cttEVM_Success
doAssert r[0] == 0, ". Result was " & $r[0]
test "Audit #5-3 - temp buffer extra unintialized word":
let input = [
# Length of base (1)
uint8 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
# Length of exponent (2)
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
# Length of modulus (9)
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09,
# Base
0x02,
# Exponent
0x02, 0x65,
# Modulus
0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x98
]
var r = newSeq[byte](9)
let status = r.eth_evm_modexp(input)
doAssert status == cttEVM_Success
doAssert r == @[byte 0, 0, 1, 45, 106, 227, 225, 162, 136], ". Result was " & $r
test "Audit #8 - off-by-1 buffer overflow - ptr + length exclusive vs openArray(lo, hi) inclusive":
let input = [
# Length of base (24)