From b6dfd9ef5422d80177b622fc2c486de00fcc0f73 Mon Sep 17 00:00:00 2001
From: Alex Beregszaszi
Date: Wed, 28 Feb 2018 16:57:35 +0100
Subject: Ensure that library addresses supplied are of correct length and hex prefixed in JSONIO
---
 Changelog.md | 3 ++-
 libsolidity/interface/StandardCompiler.cpp | 20 ++++++++++++++++--
 test/libsolidity/StandardCompiler.cpp | 34 ++++++++++++++++++++++++------
 3 files changed, 47 insertions(+), 10 deletions(-)
diff --git a/Changelog.md b/Changelog.md
index e027e8ad..4262f839 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -15,7 +15,8 @@ Bugfixes:
 * JSON-AST: Add "documentation" property to function, event and modifier definition.
 * Resolver: Properly determine shadowing for imports with aliases.
 * Standalone Assembly: Do not ignore input after closing brace of top level block.
- * Standard JSON: catch errors properly when invalid "sources" are passed
+ * Standard JSON: Catch errors properly when invalid "sources" are passed.
+ * Standard JSON: Ensure that library addresses supplied are of correct length and hex prefixed.
 * Type Checker: Properly warn when using ``_offset`` and ``_slot`` for constants in inline assembly.
 * Commandline interface: throw error if option is unknown
diff --git a/libsolidity/interface/StandardCompiler.cpp b/libsolidity/interface/StandardCompiler.cpp
index 8c64c164..91fe72ae 100644
--- a/libsolidity/interface/StandardCompiler.cpp
+++ b/libsolidity/interface/StandardCompiler.cpp
@@ -27,6 +27,8 @@
 #include
 #include
+#include
+
 using namespace std;
 using namespace dev;
 using namespace dev::solidity;
@@ -337,16 +339,30 @@ Json::Value StandardCompiler::compileInternal(Json::Value const& _input)
 return formatFatalError("JSONError", "library entry is not a JSON object.");
 for (auto const& library: jsonSourceName.getMemberNames())
 {
+ string address = jsonSourceName[library].asString();
+
+ if (!boost::starts_with(address, "0x"))
+ return formatFatalError(
+ "JSONError",
+ "Library address is not prefixed with \"0x\"."
+ );
+
+ if (address.length() != 42)
+ return formatFatalError(
+ "JSONError",
+ "Library address is of invalid length."
+ );
+
 try
 {
 // @TODO use libraries only for the given source
- libraries[library] = h160(jsonSourceName[library].asString());
+ libraries[library] = h160(address);
 }
 catch (dev::BadHexCharacter)
 {
 return formatFatalError(
 "JSONError",
- "Invalid library address (\"" + jsonSourceName[library].asString() + "\") supplied."
+ "Invalid library address (\"" + address + "\") supplied."
 );
 }
 }
diff --git a/test/libsolidity/StandardCompiler.cpp b/test/libsolidity/StandardCompiler.cpp
index 0bb94172..eb2773ba 100644
--- a/test/libsolidity/StandardCompiler.cpp
+++ b/test/libsolidity/StandardCompiler.cpp
@@ -633,7 +633,7 @@ BOOST_AUTO_TEST_CASE(libraries_invalid_hex)
 BOOST_CHECK(containsError(result, "JSONError", "Invalid library address (\"0x4200000000000000000000000000000000000xx1\") supplied."));
 }
-BOOST_AUTO_TEST_CASE(libraries_various_addresses)
+BOOST_AUTO_TEST_CASE(libraries_invalid_length)
 {
 char const* input = R"(
 {
@@ -641,11 +641,8 @@ BOOST_AUTO_TEST_CASE(libraries_various_addresses)
 "settings": {
 "libraries": {
 "library.sol": {
- "L": 42,
- "L3": "42",
- "L4": "0x42",
- "L5": "0x4200000000000000000000000000000000000001",
- "L6": "4200000000000000000000000000000000000001"
+ "L1": "0x42",
+ "L2": "0x4200000000000000000000000000000000000001ff"
 }
 }
 },
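Review bot: `jsonSourceName[library].asString()` in the `@@ -337` hunk of libsolidity/interface/StandardCompiler.cpp is called without a type check, so a library entry whose value is a JSON object or array is not turned into a `JSONError`. JsonCpp cannot convert those types to a string and fails with a logic error (an exception or an abort, depending on how the library is built), which `catch (dev::BadHexCharacter)` does not cover; whether a handler outside this hunk catches it is not visible here. Guarding the call with `if (!jsonSourceName[library].isString()) return formatFatalError("JSONError", "Library address must be a string.");` keeps malformed input on the same error path as the new prefix and length checks. The bare `42` would read better as a named constant or with a comment such as `// "0x" + 40 hex digits (20-byte address)`. The loop belongs to `compileInternal`, whose body starts and ends outside the hunk.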
@@ -657,7 +654,30 @@ BOOST_AUTO_TEST_CASE(libraries_various_addresses)
 }
 )";
 Json::Value result = compile(input);
- BOOST_CHECK(containsAtMostWarnings(result));
+ BOOST_CHECK(containsError(result, "JSONError", "Library address is of invalid length."));
+}
+
+BOOST_AUTO_TEST_CASE(libraries_missing_hex_prefix)
+{
+ char const* input = R"(
+ {
+ "language": "Solidity",
+ "settings": {
+ "libraries": {
+ "library.sol": {
+ "L": "4200000000000000000000000000000000000001"
+ }
+ }
+ },
+ "sources": {
+ "empty": {
+ "content": ""
+ }
+ }
+ }
+ )";
+ Json::Value result = compile(input);
+ BOOST_CHECK(containsError(result, "JSONError", "Library address is not prefixed with \"0x\"."));
 }
 BOOST_AUTO_TEST_CASE(library_linking)
-- cgit
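Review bot: `libraries_invalid_length` (the `@@ -641` and `@@ -657` hunks of test/libsolidity/StandardCompiler.cpp) puts the too-short `"0x42"` and the too-long 44-character address into the same input, but the new loop returns on the first entry that fails, so only one of the two is ever checked. Splitting it into two cases, one per address, would cover both sides of the `address.length() != 42` comparison. The commit also drops this test's `containsAtMostWarnings` assertion, which was the check here that a well-formed address is accepted; if `library_linking`, whose body lies outside the hunk, does not already cover that, a positive case with a 42-character `0x`-prefixed address is worth keeping.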