From 9c7133956e8dfac4ea56ce32d756e5343d41ab47 Mon Sep 17 00:00:00 2001 From: Charles Cooper Date: Wed, 4 Oct 2023 14:22:09 -0400 Subject: [PATCH 1/3] fix: block memory allocation overflow this fixes potential overflow bugs in pointer calculation by blocking memory allocation above a certain size. the size limit is set at `2**64`, which is the size of addressable memory on physical machines. practically, for EVM use cases, we could limit at a much smaller number (like `2**24`), but we want to allow for "exotic" targets which may allow much more addressable memory. --- vyper/codegen/memory_allocator.py | 9 ++++++++- vyper/exceptions.py | 4 ++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/vyper/codegen/memory_allocator.py b/vyper/codegen/memory_allocator.py index 582d4b9c54..6d202ab36a 100644 --- a/vyper/codegen/memory_allocator.py +++ b/vyper/codegen/memory_allocator.py @@ -1,6 +1,6 @@ from typing import List -from vyper.exceptions import CompilerPanic +from vyper.exceptions import CompilerPanic, MemoryAllocationException from vyper.utils import MemoryPositions @@ -110,6 +110,13 @@ def _expand_memory(self, size: int) -> int: before_value = self.next_mem self.next_mem += size self.size_of_mem = max(self.size_of_mem, self.next_mem) + + if self.size_of_mem >= 2**64: + # this should not be caught + raise MemoryAllocationException( + "Tried to allocate {self.size_of_mem} bytes! (limit is 2**32 bytes)" + ) + return before_value def deallocate_memory(self, pos: int, size: int) -> None: diff --git a/vyper/exceptions.py b/vyper/exceptions.py index defca7cc53..8b2020285a 100644 --- a/vyper/exceptions.py +++ b/vyper/exceptions.py @@ -269,6 +269,10 @@ class StorageLayoutException(VyperException): """Invalid slot for the storage layout overrides""" +class MemoryAllocationException(VyperException): + """Tried to allocate too much memory""" + + class JSONError(Exception): """Invalid compiler input JSON.""" From b5d92633b3268e5ab5f73d6845acb227ae88ece5 Mon Sep 17 00:00:00 2001 From: Charles Cooper Date: Wed, 4 Oct 2023 15:17:12 -0400 Subject: [PATCH 2/3] factor out allocation limit --- vyper/codegen/memory_allocator.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/vyper/codegen/memory_allocator.py b/vyper/codegen/memory_allocator.py index 6d202ab36a..e444f4577e 100644 --- a/vyper/codegen/memory_allocator.py +++ b/vyper/codegen/memory_allocator.py @@ -46,6 +46,8 @@ class MemoryAllocator: next_mem: int + _ALLOCATION_LIMIT: int = 2**64 + def __init__(self, start_position: int = MemoryPositions.RESERVED_MEMORY): """ Initializer. @@ -111,10 +113,11 @@ def _expand_memory(self, size: int) -> int: self.next_mem += size self.size_of_mem = max(self.size_of_mem, self.next_mem) - if self.size_of_mem >= 2**64: + if self.size_of_mem >= self._ALLOCATION_LIMIT: # this should not be caught raise MemoryAllocationException( - "Tried to allocate {self.size_of_mem} bytes! (limit is 2**32 bytes)" + f"Tried to allocate {self.size_of_mem} bytes! " + f"(limit is 2**64 bytes)" ) return before_value From 9296ff4708d57d04b6455cfe7702036fa2b156d5 Mon Sep 17 00:00:00 2001 From: Charles Cooper Date: Wed, 4 Oct 2023 16:05:38 -0400 Subject: [PATCH 3/3] update error message --- vyper/codegen/memory_allocator.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vyper/codegen/memory_allocator.py b/vyper/codegen/memory_allocator.py index e444f4577e..b5e1212917 100644 --- a/vyper/codegen/memory_allocator.py +++ b/vyper/codegen/memory_allocator.py @@ -117,7 +117,7 @@ def _expand_memory(self, size: int) -> int: # this should not be caught raise MemoryAllocationException( f"Tried to allocate {self.size_of_mem} bytes! " - f"(limit is 2**64 bytes)" + f"(limit is {self._ALLOCATION_LIMIT} (2**64) bytes)" ) return before_value