Use returndatacopy for retrieving dynamically sized outputs. #3308
Conversation
chriseth
force-pushed
the
usereturndatacopy
branch
from
a023ade to
aab2ac1
Compare
chriseth
changed the title
|
This is ready for review. Decisions to be taken:
|
| else | ||
| m_context << Instruction::POP; | ||
| { | ||
| utils().fetchFreeMemoryPointer(); |
There was a problem hiding this comment.
We should add a size check here, too.
chriseth
force-pushed
the
usereturndatacopy
branch
from
431379d to
384115e
Compare
|
Hi guys. Is it still not merged? |
|
@AnthonyAkentiev someone is impatient there :) There are still security issues to be discussed, see above. |
|
The first comment above is solved ( |
|
Perhaps we could remove the |
|
Use the old decoder only on statically-sized data or on the statically-sized head of dynamically-sized data. This means returndatacopy is not used with the old decoder. |
| // Alter dynamic types to be non-accessible. | ||
| for (auto& param: returnParameterTypes) | ||
| if (param->isDynamicallySized()) | ||
| param = make_shared<InaccessibleDynamicType>(); |
There was a problem hiding this comment.
We could move this check into the TypeChecker around line 1500.
There was a problem hiding this comment.
... only if the pragma specifies that we are using the old encoder.
|
Should use the new |
chriseth
force-pushed
the
usereturndatacopy
branch
3 times, most recently
from
352cf60 to
5ecc33c
Compare
chriseth
force-pushed
the
usereturndatacopy
branch
2 times, most recently
from
d938d19 to
693858d
Compare
|
This is finished, but I still have to untangle the various commits. |
chriseth
force-pushed
the
usereturndatacopy
branch
from
693858d to
6f26336
Compare
|
Commits untangled. |
chriseth
force-pushed
the
usereturndatacopy
branch
from
6f26336 to
645098d
Compare
|
Rebased. |
chriseth
force-pushed
the
usereturndatacopy
branch
from
645098d to
22dc19d
Compare
|
Ready for review. |
|
Ah, the problem is Github lists commits in the wrong order (by timestamp), but merge wise |
|
Oh wow that is interesting. I last rebased two days ago. |
| // Check that the data pointer is valid and that length times | ||
| // item size is still inside the range. | ||
| Whiskers templ(R"({ | ||
| if gt(ptr, 0x100000000) { revert(0, 0) } |
There was a problem hiding this comment.
Is this a random constant (we assume it is not possible to transfer that much due to block gas limits)?
There was a problem hiding this comment.
Do you want something to be changed here?
chriseth
force-pushed
the
usereturndatacopy
branch
from
8a98324 to
7adadfa
Compare
|
|
||
| if (m_kind == Kind::External || m_kind == Kind::CallCode || m_kind == Kind::DelegateCall) | ||
| for (auto& param: returnParameterTypes) | ||
| if (param->isDynamicallySized() && !param->dataStoredIn(DataLocation::Storage)) |
There was a problem hiding this comment.
Can an external call return a storage pointer?
There was a problem hiding this comment.
Yes, but only via delegatecall.
There was a problem hiding this comment.
I.e. only a call to a library function.
|
|
||
| bool dynamicReturnSize = false; | ||
| for (auto const& retType: returnTypes) | ||
| if (retType->isDynamicallyEncoded()) |
There was a problem hiding this comment.
Don't we have calldataEncodedSize and isDynamicallyEncoded on the TupleType, do we need to iterate?
There was a problem hiding this comment.
Apparently no, but would it make sense to do so?
There was a problem hiding this comment.
Tuples are not fully-fledged types in Solidity, so I'm not sure which implications this would have.
There was a problem hiding this comment.
Let's postpone it. Created issue #3769.
| else | ||
| m_context << Instruction::POP; | ||
| solAssert(retSize > 0, ""); | ||
| m_context << (haveReturndatacopy ? eth::AssemblyItem(Instruction::RETURNDATASIZE) : u256(retSize)); |
There was a problem hiding this comment.
Why not just move this into the two parts of the if?
There was a problem hiding this comment.
I guess it is a separate step to always use returndatacopy and not allocate the memory on call.
There was a problem hiding this comment.
I'll add a comment here stating:
Always use the actual return length, and not our calculated expected length, if returndatacopy is supported. This ensures it can catch badly formatted input from external calls.
There was a problem hiding this comment.
Yes, this was the idea, always use returndatacopy to detect badly formatted return data. Yes, please add the comment.
There was a problem hiding this comment.
Actually I think this may warrant its own changelog entry as we're changing behaviour.
Compiling for byzantium (which is the default) may result in a new contract not working with an old one, if we had a case of invalid short encoding, or if the other one isn't Solidity and doesn't encode properly.
Unlikely, but still.
axic
force-pushed
the
usereturndatacopy
branch
2 times, most recently
from
4683f91 to
7c3de57
Compare
| /// From memory if @a _fromMemory is true, otherwise from call data. | ||
| /// Calls revert if @a _revertOnOutOfBounds is true and the supplied size is shorter | ||
| /// than the static data requirements or if dynamic data pointers reach outside of the | ||
| /// area. Also has a hard cap of 0x100000000 for any given length/offset field. |
Fixes #3270
Fixes #2964
Fixes #3273
Fixes #3516
Depends on #3569