fix tainted memory bug in `Lib_BytesUtils.slice` (#171)

16c5be68 · ben-chain · GitHub · 59111a57 · 16c5be68 · 16c5be68
Commit 16c5be68 authored Jan 11, 2021 by ben-chain Committed by GitHub Jan 11, 2021
5 changed files
--- a/packages/contracts/contracts/optimistic-ethereum/libraries/utils/Lib_BytesUtils.sol
+++ b/packages/contracts/contracts/optimistic-ethereum/libraries/utils/Lib_BytesUtils.sol
@@ -148,6 +148,10 @@ library Lib_BytesUtils {
            default {
                tempBytes := mload(0x40)

+                //zero out the 32 bytes slice we are about to return
+                //we need to do it because Solidity does not garbage collect
+                mstore(tempBytes, 0)
+
                mstore(0x40, add(tempBytes, 0x20))
            }
        }

--- a/packages/contracts/contracts/test-libraries/rlp/TestLib_RLPWriter.sol
+++ b/packages/contracts/contracts/test-libraries/rlp/TestLib_RLPWriter.sol
@@ -83,7 +83,7 @@ contract TestLib_RLPWriter {
        return Lib_RLPWriter.writeBool(_in);
    }

-    function writeAddressWithOtherMemory(
+    function writeAddressWithTaintedMemory(
        address _in
    )
        public

--- a/packages/contracts/contracts/test-libraries/utils/TestLib_BytesUtils.sol
+++ b/packages/contracts/contracts/test-libraries/utils/TestLib_BytesUtils.sol
@@ -4,6 +4,7 @@ pragma experimental ABIEncoderV2;

 /* Library Imports */
 import { Lib_BytesUtils } from "../../optimistic-ethereum/libraries/utils/Lib_BytesUtils.sol";
+import { TestERC20 } from "../../test-helpers/TestERC20.sol";

 /**
 * @title TestLib_BytesUtils
@@ -101,4 +102,20 @@ contract TestLib_BytesUtils {
            _other
        );
    }
+
+    function sliceWithTaintedMemory(
+        bytes memory _bytes,
+        uint256 _start,
+        uint256 _length
+    )
+        public
+        returns (bytes memory)
+    {
+        new TestERC20();
+        return Lib_BytesUtils.slice(
+            _bytes,
+            _start,
+            _length
+        );
+    }
 }
--- a/packages/contracts/test/contracts/libraries/rlp/Lib_RLPWriter.spec.ts
+++ b/packages/contracts/test/contracts/libraries/rlp/Lib_RLPWriter.spec.ts
@@ -45,7 +45,7 @@ describe('Lib_RLPWriter', () => {
      const randomAddress = '0x1234123412341234123412341234123412341234'
      const rlpEncodedRandomAddress =
        '0x941234123412341234123412341234123412341234'
-      const encoded = await Lib_RLPWriter.callStatic.writeAddressWithOtherMemory(
+      const encoded = await Lib_RLPWriter.callStatic.writeAddressWithTaintedMemory(
        randomAddress
      )
      expect(encoded).to.eq(rlpEncodedRandomAddress)

--- a/packages/contracts/test/contracts/libraries/utils/Lib_BytesUtils.spec.ts
+++ b/packages/contracts/test/contracts/libraries/utils/Lib_BytesUtils.spec.ts
@@ -2,8 +2,31 @@
 import { Lib_BytesUtils_TEST_JSON } from '../../../data'
 import { runJsonTest } from '../../../helpers'

+/* External Imports */
+import { ethers } from '@nomiclabs/buidler'
+import { Contract } from 'ethers'
+import { expect } from '../../../setup'
+
 describe('Lib_BytesUtils', () => {
  describe('JSON tests', () => {
    runJsonTest('TestLib_BytesUtils', Lib_BytesUtils_TEST_JSON)
  })
+
+  describe('Use of library with other memory-modifying operations', () => {
+    let TestLib_BytesUtils: Contract
+    before(async () => {
+      TestLib_BytesUtils = await (
+        await ethers.getContractFactory('TestLib_BytesUtils')
+      ).deploy()
+    })
+
+    it('should allow creation of a contract beforehand and still work', async () => {
+      const slice = await TestLib_BytesUtils.callStatic.sliceWithTaintedMemory(
+        '0x123412341234',
+        0,
+        0
+      )
+      expect(slice).to.eq('0x')
+    })
+  })
 })