From 28129d1df20ce75877018ffe416aac754176589d Mon Sep 17 00:00:00 2001
From: jangko
Date: Mon, 13 Feb 2023 21:20:52 +0700
Subject: [PATCH] evm: fix premature position truncation of byte op
---
 .../interpreter/op_handlers/oph_arithmetic.nim | 6 +++---
 tests/test_op_arith.nim | 16 ++++++++++++++++
 2 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/nimbus/evm/interpreter/op_handlers/oph_arithmetic.nim b/nimbus/evm/interpreter/op_handlers/oph_arithmetic.nim
index d2e760794..1810dc1a7 100644
--- a/nimbus/evm/interpreter/op_handlers/oph_arithmetic.nim
+++ b/nimbus/evm/interpreter/op_handlers/oph_arithmetic.nim
@@ -229,12 +229,12 @@ const

 byteOp: Vm2OpFn = proc(k: var Vm2Ctx) =
 ## 0x20, Retrieve single byte from word.
- let (position, value) = k.cpt.stack.popInt(2)
- let pos = position.truncate(int)
+ let (position, value) = k.cpt.stack.popInt(2)
 k.cpt.stack.push:
- if pos >= 32 or pos < 0:
+ if position >= 32.u256:
 zero(UInt256)
 else:
+ let pos = position.truncate(int)
 when system.cpuEndian == bigEndian:
 cast[array[32, byte]](value)[pos].u256
 else:
diff --git a/tests/test_op_arith.nim b/tests/test_op_arith.nim
index 00ba21fc0..d0d119335 100644
--- a/tests/test_op_arith.nim
+++ b/tests/test_op_arith.nim
@@ -439,5 +439,21 @@ proc opArithMain*() =
 SIGNEXTEND
 stack: "0x000000000000000000000000000000003f9b347132d29b62d161117bca8c7307"

+ assembler:
+ title: "BYTE with overflow pos 1"
+ code:
+ PUSH32 "0x77676767676760000000000000001002e000000000000040000000e000000000"
+ PUSH32 "0x0000000000000000000000000000000000000000000000010000000000000000"
+ BYTE
+ stack: "0x0000000000000000000000000000000000000000000000000000000000000000"
+
+ assembler:
+ title: "BYTE with overflow pos 2"
+ code:
+ PUSH32 "0x001f000000000000000000000000000000200000000100000000000000000000"
+ PUSH32 "0x0000000000000000000000000000000080000000000000000000000000000001"
+ BYTE
+ stack: "0x0000000000000000000000000000000000000000000000000000000000000000"
+
 when isMainModule:
 opArithMain()
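Review bot: In `byteOp` (oph_arithmetic.nim), the new `if position >= 32.u256:` guard carries no comment explaining why the range check has to run on the full 256-bit value before `position.truncate(int)`, which leaves the ordering easy to undo in a later cleanup. Going by the commit title and the added tests, truncating first lets a position with only high bits set alias a valid byte index, so BYTE returns data where it should return zero; in an EVM that is a consensus divergence, not a cosmetic bug. I would put a comment above the guard, for example `# Range-check the full 256-bit position; truncate(int) only after it is known to be < 32`. The hunk ends at the second `else:`, so the little-endian branch of byteOp is outside what is shown.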
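Review bot: The two new BYTE cases in tests/test_op_arith.nim both use positions far above the limit, so the boundary of the rewritten comparison itself (`position >= 32.u256`) is not exercised by this hunk. If the rest of the file does not already cover it, add a case with position 31, which must still return the last byte of the word, and one with position 32, which must return zero; an off-by-one in the guard would then fail a test instead of reaching the array index. The enclosing `opArithMain` starts outside the hunk, so existing coverage may be there. A sketch of the position-32 case follows; the word is reused from the first new case and the indentation should follow the surrounding cases.

```nim
# … unchanged: the two "BYTE with overflow pos" cases …
assembler:
  title: "BYTE with pos 32, first out-of-range index"
  code:
    PUSH32 "0x77676767676760000000000000001002e000000000000040000000e000000000"
    PUSH32 "0x0000000000000000000000000000000000000000000000000000000000000020"
    BYTE
  stack: "0x0000000000000000000000000000000000000000000000000000000000000000"
```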