add tests for slice oob access

cyberthirst · Mar 16, 2024 · 28f292e · 28f292e
1 parent 01aa719
commit 28f292e
Showing 1 changed file with 63 additions and 0 deletions.
diff --git a/tests/functional/builtins/codegen/test_slice.py b/tests/functional/builtins/codegen/test_slice.py
@@ -435,3 +435,66 @@ def test_slice_bytes32_calldata_extended(get_contract, code, result):
         c.bar(3, "0x0001020304050607080910111213141516171819202122232425262728293031", 5).hex()
         == result
     )
+
+
+oob_fail_list = [
+    """
+d: public(Bytes[256])
+	
+@external
+def do_slice():
+	x : uint256 = 115792089237316195423570985008687907853269984665640564039457584007913129639935 # 2**256-1
+	self.d = b"\x01\x02\x03\x04\x05\x06"
+	assert len(slice(self.d, 1, x))==115792089237316195423570985008687907853269984665640564039457584007913129639935
+    """,
+    """
+@external
+def do_slice():
+    x: uint256 = 115792089237316195423570985008687907853269984665640564039457584007913129639935  # 2**256 - 1
+    y: uint256 = 22704331223003175573249212746801550559464702875615796870481879217237868556850   # 0x3232323232323232323232323232323232323232323232323232323232323232
+    z: uint96 = 1
+    if True:
+        placeholder : uint256[16] = [y, y, y, y, y, y, y, y, y, y, y, y, y, y, y, y]
+    s :String[32] = slice(uint2str(z), 1, x)	# uint2str(z) == "1"
+    #print(len(s))
+    assert slice(s, 1, 2) == "22"
+    """,
+    """
+x: public(Bytes[64])
+secret: uint256
+
+@deploy
+def __init__():
+    self.x = empty(Bytes[64])
+    self.secret = 42
+
+@external
+def do_slice() -> Bytes[64]:
+    # max - 63
+    start: uint256 = 115792089237316195423570985008687907853269984665640564039457584007913129639872
+    return slice(self.x, start, 64) 
+    """,
+    # tests bounds check in adhoc location calldata
+    """
+interface IFace:
+    def choose_value(_x: uint256, _y: uint256, _z: uint256, idx: uint256) -> Bytes[32]: nonpayable
+
+@external
+def choose_value(_x: uint256, _y: uint256, _z: uint256, idx: uint256) -> Bytes[32]:
+    assert idx % 32 == 4
+    return slice(msg.data, idx, 32)
+
+@external
+def do_slice():
+    idx: uint256 = 115792089237316195423570985008687907853269984665640564039457584007913129639908
+    ret: uint256 = _abi_decode(extcall IFace(self).choose_value(1, 2, 3, idx), uint256)
+    assert ret == 0
+    """
+]
+
+
+@pytest.mark.parametrize("bad_code", oob_fail_list)
+def test_slice_buffer_oob_reverts(bad_code, get_contract, tx_failed):
+    c = get_contract(bad_code)
+    with tx_failed():
+        c.do_slice()