Skip to content

Fix integer overflow in analysis around gas cost of undefined instruction #93

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
chfast merged 3 commits into from
Jul 16, 2019
Merged

Fix integer overflow in analysis around gas cost of undefined instruction #93

chfast merged 3 commits into from
Jul 16, 2019

Conversation

@gumb0
Copy link
Member

@gumb0 gumb0 commented Jul 16, 2019
edited
Loading

Without the fix it's not only UBSAN warning, but also the test fails, returning EVMC_OUT_OF_GAS instead of EVMC_UNDEFINED_INSTRUCTION.

Overflow happens not at the place of fix but later during execution here
https://github.com/ethereum/evmone/blob/47a1d47ae96b19a247d3923311735cce118a347b/lib/evmone/instructions.cpp#L1164

@codecov-io
Copy link

codecov-io commented Jul 16, 2019
edited
Loading

Codecov Report

Merging #93 into master will increase coverage by 0.03%.
The diff coverage is 100%.

@@            Coverage Diff             @@
##           master      #93      +/-   ##
==========================================
+ Coverage   94.89%   94.93%   +0.03%     
==========================================
  Files          18       18              
  Lines        1801     1815      +14     
  Branches      182      184       +2     
==========================================
+ Hits         1709     1723      +14     
  Misses         75       75              
  Partials       17       17

This was referenced Jul 16, 2019
Closed
Closed
@gumb0 gumb0 requested a review from chfast July 16, 2019 10:42
@chfast
Copy link
Member

chfast commented Jul 16, 2019

I found similar test in the fuzzer branch. After cleaning up here is the unit test: 27ef5b0. Please integrate with this PR.

gumb0 added 2 commits July 16, 2019 14:06
@gumb0 @chfast
Test for incorrect analysis result
5db7b35 
Caused by integer overflow around undefined instruction's gas cost.
@gumb0 @chfast
Prevent integer overflow in analysis
b769597 
Prevent integer overflow when calculating block gas with undefined instructions.
@chfast chfast force-pushed the analysis-overflow branch from e1aaab3 to b769597 Compare July 16, 2019 12:07
@chfast chfast merged commit 04e22a4 into master Jul 16, 2019
@chfast chfast deleted the analysis-overflow branch July 16, 2019 12:23
axic
axic reviewed Jul 17, 2019
View reviewed changes
lib/evmone/analysis.cpp

auto metrics = instr_table[c];
block->gas_cost += metrics.gas_cost;
if (metrics.gas_cost > 0) // can be -1 for undefined instruction
Copy link
Member

@axic axic Jul 17, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we know this instruction will be hit, shouldn't the cost be set to max instead (e.g. out of gas)?

Copy link
Member Author

@gumb0 gumb0 Jul 17, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think then it would stop with EVMC_OUT_OF_GAS at the beginning of the block, instead of expected EVMC_UNDEFINED_INSTRUCTION

Copy link
Member

@chfast chfast Jul 17, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe we should set it to 0 as this is real gas cost of executing it. Setting it to "max" is a nice hack, but I don't waste 64-bits in the table just for it.

Copy link
Member

@chfast chfast Jul 17, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ipsilon/evmc#356.

jwasinger pushed a commit to jwasinger/evmone that referenced this pull request Apr 27, 2021
@chfast
Merge pull request ipsilon#93 from ethereum/tests-cppstd
3076fc8 
Compile unittests and vmtests as C++11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@axic axic axic left review comments

@chfast chfast chfast approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@gumb0 @codecov-io @chfast @axic