fuzz failure 5-3: Nim inclusive stops :/ (#267)
This commit is contained in:
parent
1ad8499ae5
commit
f3a5f352b8
|
@ -168,14 +168,14 @@ func powMod_vartime*(
|
|||
let qWords = qBits.wordsRequired()
|
||||
let pWords = pBits.wordsRequired()
|
||||
|
||||
var qBuf = allocStackArray(SecretWord, M.len)
|
||||
var a1Buf = allocStackArray(SecretWord, M.len)
|
||||
var qBuf = allocStackArray(SecretWord, qWords)
|
||||
var a1Buf = allocStackArray(SecretWord, qWords)
|
||||
var a2Buf = allocStackArray(SecretWord, pWords)
|
||||
var yBuf = allocStackArray(SecretWord, pWords)
|
||||
var qInv2kBuf = allocStackArray(SecretWord, pWords)
|
||||
|
||||
template q: untyped = qBuf.toOpenArray(0, M.len-1) # TODO use qWords instead of M.len
|
||||
template a1: untyped = a1Buf.toOpenArray(0, M.len-1)
|
||||
template q: untyped = qBuf.toOpenArray(0, qWords-1)
|
||||
template a1: untyped = a1Buf.toOpenArray(0, qWords-1)
|
||||
template a2: untyped = a2Buf.toOpenArray(0, pWords-1)
|
||||
template y: untyped = yBuf.toOpenArray(0, pWords-1)
|
||||
template qInv2k: untyped = qInv2kBuf.toOpenArray(0, pWords-1)
|
||||
|
|
|
@ -73,6 +73,37 @@ suite "EVM ModExp precompile (EIP-198)":
|
|||
doAssert status == cttEVM_Success
|
||||
doAssert r[0] == 0, ". Result was " & $r[0]
|
||||
|
||||
test "Audit #5-3 - temp buffer extra unintialized word":
|
||||
let input = [
|
||||
|
||||
# Length of base (1)
|
||||
uint8 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
|
||||
|
||||
# Length of exponent (2)
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
|
||||
|
||||
# Length of modulus (9)
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09,
|
||||
|
||||
# Base
|
||||
0x02,
|
||||
|
||||
# Exponent
|
||||
0x02, 0x65,
|
||||
|
||||
# Modulus
|
||||
0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x98
|
||||
]
|
||||
|
||||
var r = newSeq[byte](9)
|
||||
let status = r.eth_evm_modexp(input)
|
||||
doAssert status == cttEVM_Success
|
||||
doAssert r == @[byte 0, 0, 1, 45, 106, 227, 225, 162, 136], ". Result was " & $r
|
||||
|
||||
test "Audit #8 - off-by-1 buffer overflow - ptr + length exclusive vs openArray(lo, hi) inclusive":
|
||||
let input = [
|
||||
# Length of base (24)
|
||||
|
|
Loading…
Reference in New Issue