From e2c568dce80272a0264fdaecc0100218186a8eb4 Mon Sep 17 00:00:00 2001
From: Vladislav Volosnikov
Date: Wed, 13 Nov 2024 13:50:20 +0100
Subject: [PATCH] Fix stack overflow check
---
 system-contracts/contracts/EvmEmulator.yul | 28 ++++++++-----------
 .../EvmEmulatorFunctions.template.yul | 14 ++++------
 2 files changed, 18 insertions(+), 24 deletions(-)
diff --git a/system-contracts/contracts/EvmEmulator.yul b/system-contracts/contracts/EvmEmulator.yul
index f9a9c0d75..7b254915a 100644
--- a/system-contracts/contracts/EvmEmulator.yul
+++ b/system-contracts/contracts/EvmEmulator.yul
@@ -132,8 +132,12 @@ object "EvmEmulator" {
 offset := add(LAST_RETURNDATA_SIZE_OFFSET(), 64)
 }
+ function MAX_STACK_SLOT_OFFSET() -> offset {
+ offset := add(STACK_OFFSET(), mul(1023, 32))
+ }
+
 function BYTECODE_LEN_OFFSET() -> offset {
- offset := add(STACK_OFFSET(), mul(1024, 32))
+ offset := add(MAX_STACK_SLOT_OFFSET(), 32)
 }
 function BYTECODE_OFFSET() -> offset {
@@ -514,7 +518,7 @@ object "EvmEmulator" {
 }
 function pushStackItem(sp, item, oldStackHead) -> newSp, stackHead {
- if iszero(lt(sp, BYTECODE_LEN_OFFSET())) {
+ if iszero(lt(sp, MAX_STACK_SLOT_OFFSET())) {
 panic()
 }
@@ -541,12 +545,6 @@ object "EvmEmulator" {
 }
 }
- function pushStackCheck(sp, numInputs) {
- if iszero(lt(add(sp, mul(0x20, sub(numInputs, 1))), BYTECODE_LEN_OFFSET())) {
- panic()
- }
- }
-
 function accessStackHead(sp, stackHead) -> value {
 if lt(sp, STACK_OFFSET()) {
 panic()
@@ -3180,8 +3178,12 @@ object "EvmEmulator" {
 offset := add(LAST_RETURNDATA_SIZE_OFFSET(), 64)
 }
+ function MAX_STACK_SLOT_OFFSET() -> offset {
+ offset := add(STACK_OFFSET(), mul(1023, 32))
+ }
+
 function BYTECODE_LEN_OFFSET() -> offset {
- offset := add(STACK_OFFSET(), mul(1024, 32))
+ offset := add(MAX_STACK_SLOT_OFFSET(), 32)
 }
 function BYTECODE_OFFSET() -> offset {
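Review bot: `MAX_STACK_SLOT_OFFSET()` in the `@@ -132` hunk has no comment saying what it bounds, and the bare `mul(1023, 32)` sitting next to the previously used `1024` is the same kind of off-by-one this commit sets out to fix. I would add above it `// Offset of the last (1024th) stack slot; BYTECODE_LEN_OFFSET() sits one word above it`, so the relationship between the two constants is stated once. The same comment belongs on the copies in the `@@ -3180` hunk and in `EvmEmulatorFunctions.template.yul` (`@@ -70`).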
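Review bot: Only the comparison inside `pushStackItem` is tightened in the `@@ -514` hunk; any other path that grows the stack and still bounds `sp` against `BYTECODE_LEN_OFFSET()` would keep accepting one slot past the 1024-item limit. None is visible in this patch, so this is a request to check the opcode handlers outside the hunks (DUP-style helpers in particular) rather than a confirmed defect. The new bound also relies on what `sp` means relative to the separately returned `stackHead`, which the hunk does not show because the body of `pushStackItem` continues past it; a comment such as `// sp at the last slot means the stack is full: one more push must panic` above the check would record that. The same applies to the `@@ -3562` hunk and to the template (`@@ -452`).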
@@ -3562,7 +3564,7 @@ object "EvmEmulator" {
 }
 function pushStackItem(sp, item, oldStackHead) -> newSp, stackHead {
- if iszero(lt(sp, BYTECODE_LEN_OFFSET())) {
+ if iszero(lt(sp, MAX_STACK_SLOT_OFFSET())) {
 panic()
 }
@@ -3589,12 +3591,6 @@ object "EvmEmulator" {
 }
 }
- function pushStackCheck(sp, numInputs) {
- if iszero(lt(add(sp, mul(0x20, sub(numInputs, 1))), BYTECODE_LEN_OFFSET())) {
- panic()
- }
- }
-
 function accessStackHead(sp, stackHead) -> value {
 if lt(sp, STACK_OFFSET()) {
 panic()
diff --git a/system-contracts/evm-emulator/EvmEmulatorFunctions.template.yul b/system-contracts/evm-emulator/EvmEmulatorFunctions.template.yul
index 58736a58d..ffec81030 100644
--- a/system-contracts/evm-emulator/EvmEmulatorFunctions.template.yul
+++ b/system-contracts/evm-emulator/EvmEmulatorFunctions.template.yul
@@ -70,8 +70,12 @@ function STACK_OFFSET() -> offset {
 offset := add(LAST_RETURNDATA_SIZE_OFFSET(), 64)
 }
+function MAX_STACK_SLOT_OFFSET() -> offset {
+ offset := add(STACK_OFFSET(), mul(1023, 32))
+}
+
 function BYTECODE_LEN_OFFSET() -> offset {
- offset := add(STACK_OFFSET(), mul(1024, 32))
+ offset := add(MAX_STACK_SLOT_OFFSET(), 32)
 }
 function BYTECODE_OFFSET() -> offset {
@@ -452,7 +456,7 @@ function popStackItem(sp, oldStackHead) -> a, newSp, stackHead {
 }
 function pushStackItem(sp, item, oldStackHead) -> newSp, stackHead {
- if iszero(lt(sp, BYTECODE_LEN_OFFSET())) {
+ if iszero(lt(sp, MAX_STACK_SLOT_OFFSET())) {
 panic()
 }
@@ -479,12 +483,6 @@ function popStackCheck(sp, numInputs) {
 }
 }
-function pushStackCheck(sp, numInputs) {
- if iszero(lt(add(sp, mul(0x20, sub(numInputs, 1))), BYTECODE_LEN_OFFSET())) {
- panic()
- }
-}
-
 function accessStackHead(sp, stackHead) -> value {
 if lt(sp, STACK_OFFSET()) {
 panic()