Fix buffer overflow in swap_configurables #274

Merged

Conversation

SwayStar123
Member

@SwayStar123 SwayStar123 commented Jul 30, 2024

Type of change

  • Bug fix

Changes

The following changes have been made:

  • Changes the swap_configurables function to assert that the offset and length of the configurable bytes are less than the bytecode length, in order to avoid a buffer overflow

Checklist

  • I have linked to any relevant issues.
  • I have commented my code, particularly in hard-to-understand areas.
  • I have updated the documentation where relevant (API docs, the reference, and the Sway book).
  • I have added tests that prove my fix is effective or that my feature works.
  • I have added (or requested a maintainer to add) the necessary Breaking* or New Feature labels where relevant.
  • I have done my best to ensure that my PR adheres to the Fuel Labs Code Review Standards.
  • I have requested a review from the relevant team or maintainers.
  • I have updated the changelog to reflect the changes on this PR.
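
The bounds check described in this PR, sketched in Rust as an added example; it is not the Sway code from the PR or from the library. The signature, the `SwapError` type and the sample bytes are assumptions made for illustration. It validates the end of each range (offset plus length) with overflow-checked addition, since each value can be below the bytecode length on its own while the write still runs past the end.

```rust
// Added illustration: names and types are hypothetical, not the library's API.
#[derive(Debug, PartialEq)]
pub enum SwapError {
    /// offset + data.len() does not fit in usize.
    RangeOverflow { index: usize },
    /// The write would end past the end of the bytecode.
    OutOfBounds { index: usize, end: usize, bytecode_len: usize },
}

/// Overwrites each `(offset, data)` configurable inside `bytecode`.
/// Every range is validated before any byte is written, so one bad
/// entry cannot leave the bytecode half-patched.
pub fn swap_configurables(
    bytecode: &mut [u8],
    configurables: &[(usize, Vec<u8>)],
) -> Result<(), SwapError> {
    for (index, (offset, data)) in configurables.iter().enumerate() {
        // Checked addition: a huge offset must not wrap around to a small end.
        let end = offset
            .checked_add(data.len())
            .ok_or(SwapError::RangeOverflow { index })?;
        // Compare the END of the range, not offset and length separately.
        if end > bytecode.len() {
            return Err(SwapError::OutOfBounds { index, end, bytecode_len: bytecode.len() });
        }
    }
    // All ranges are known to be in bounds from here on.
    for (offset, data) in configurables {
        bytecode[*offset..*offset + data.len()].copy_from_slice(data);
    }
    Ok(())
}

fn main() {
    // Constructed sample: 8 zero bytes standing in for contract bytecode.
    let mut code = vec![0u8; 8];
    println!("{:?}", swap_configurables(&mut code, &[(2, vec![0xAA, 0xBB])]));
    // Offset 6 and length 4 are each below 8, yet the write would end at 10.
    println!("{:?}", swap_configurables(&mut code, &[(6, vec![1, 2, 3, 4])]));
    // An offset near usize::MAX would wrap without checked_add.
    println!("{:?}", swap_configurables(&mut code, &[(usize::MAX, vec![1])]));
    println!("{:02x?}", code);
}
```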

@SwayStar123 SwayStar123 self-assigned this Jul 30, 2024
@SwayStar123 SwayStar123 added the Bug (Something isn't working) and Bytecode Solver (Label used to filter for the library issue) labels Jul 30, 2024
@SwayStar123 SwayStar123 marked this pull request as ready for review July 30, 2024 09:53
@SwayStar123 SwayStar123 requested a review from a team as a code owner July 30, 2024 09:53
@bitzoic
Member

bitzoic commented Jul 31, 2024

Checklist needs to be filled out

@bitzoic bitzoic requested a review from a team August 1, 2024 06:59
@SwayStar123 SwayStar123 merged commit 3a8a5dc into master Aug 1, 2024
6 checks passed
@SwayStar123 SwayStar123 deleted the swaystar123-fix-buffer-overflow-bytecode-swap-configs branch August 1, 2024 12:51
@bitzoic bitzoic mentioned this pull request Aug 1, 2024
K1-R1 added a commit that referenced this pull request Aug 1, 2024
## [v0.23.0]

### Added

- [#259](#259) Adds a new
upgradability library, including associated tests and documentation.
- [#265](#265) Adds the
`SetMetadataEvent` and emits `SetMetadataEvent` when the
`_set_metadata()` function is called.
- [#270](#270) Adds `OrdEq`
functionality to Signed Integers.
- [#272](#272) Adds the
`TryFrom` implementation from signed integers to unsigned integers.

### Changed

- [#265](#265) Enables the
metadata events now that the Rust SDK supports wrapped heap types.
- [#269](#269) Hashes the
string "admin" and with the bits of an Identity when creating a storage
slot to store an admin in the Admin Library.
- [#276](#276) Prepares for
v0.23.0 release.
- [#278](#278) Deprecates the
Fixed Point number library.

### Fixed

- [#258](#258) Fixes incorrect
instructions on how to run tests in README and docs hub.
- [#262](#262) Fixes incorrect
ordering comparison for IFP64, IFP128 and IFP256.
- [#263](#263) Fixes `I256`'s
returned bits.
- [#263](#263) Fixes `I128`
and `I256`'s zero or "indent" value.
- [#268](#268) Fixes
subtraction involving negative numbers for `I8`, `I16`, `I32`, `I64`,
`I128`, and `I256`.
- [#272](#272) Fixes `From`
implementations for Signed Integers with `TryFrom`.
- [#273](#273) Fixes negative
from implementations for Signed Integers.
- [#274](#274) Fixes the
`swap_configurables()` function to correctly handle the case where the
bytecode is too large to fit in the buffer.
- [#275](#275) Fixes an
infinite loop in the Bytecode root library's `_compute_bytecode_root()`
function.

#### Breaking

- [#263](#263) Removes the
`TwosComplement` trait in favor of `WrappingNeg`.

The following demonstrates the breaking change. While this example code
uses the `I8` type, the same logic may be applied to the `I16`, `I32`,
`I64`, `I128`, and `I256` types.

Before:

```sway
let my_i8 = i8::zero();
let twos_complement = my_i8.twos_complement();
```

After:

```sway
let my_i8 = i8::zero();
let wrapping_neg = my_i8.wrapping_neg();
```

- [#272](#272) The `From`
implementation for all signed integers to their respective unsigned
integer has been removed. The `TryFrom` implementation has been added in
its place.

Before:

```sway
let my_i8: I8 = I8::from(1u8);
```

After:

```sway
let my_i8: I8 = I8::try_from(1u8).unwrap();
```

- [#273](#273) The `neg_from`
implementation for all signed integers has been removed. The
`neg_try_from()` implementation has been added in its place.

The following demonstrates the breaking change. While this example code
uses the `I8` type, the same logic may be applied to the `I16`, `I32`,
`I64`, `I128`, and `I256` types.

Before:

```sway
let my_negative_i8: I8 = I8::neg_from(1u8);
```

After:

```sway
let my_negative_i8: I8 = I8::neg_try_from(1u8).unwrap();
```

- [#278](#278) Deprecates the
Fixed Point number library. The Fixed Point number library is no longer
available.

---------

Co-authored-by: K1-R1 <[email protected]>
Co-authored-by: SwayStar123 <[email protected]>