From 2d62f2ad03b641ddc634d5fdf41c31f43e8f5911 Mon Sep 17 00:00:00 2001
From: Jack May
Date: Mon, 30 Nov 2020 14:39:03 -0800
Subject: [PATCH] Re-fix arithmetic overflow and add better test (#13870)
---
 programs/bpf_loader/src/syscalls.rs | 32 ++++++++++++++++++++++++++++-
 1 file changed, 31 insertions(+), 1 deletion(-)
diff --git a/programs/bpf_loader/src/syscalls.rs b/programs/bpf_loader/src/syscalls.rs
index 60bfa68266..d355ac59a5 100644
--- a/programs/bpf_loader/src/syscalls.rs
+++ b/programs/bpf_loader/src/syscalls.rs
@@ -313,7 +313,7 @@ fn translate_slice_mut<'a, T>(
 memory_mapping,
 access_type,
 vm_addr,
- len * size_of::() as u64,
+ len.saturating_mul(size_of::() as u64),
 loader_id,
 ) {
 Ok(value) => Ok(unsafe { from_raw_parts_mut(value as *mut T, len as usize) }),
@@ -1614,6 +1614,36 @@ mod tests {
 )
 .is_err());

+ // u64
+ let mut data = vec![1u64, 2, 3, 4, 5];
+ let addr = data.as_ptr() as *const _ as u64;
+ let memory_mapping = MemoryMapping::new_from_regions(vec![MemoryRegion {
+ host_addr: addr,
+ vm_addr: 96,
+ len: (data.len() * size_of::()) as u64,
+ vm_gap_shift: 63,
+ is_writable: false,
+ }]);
+ let translated_data = translate_slice::(
+ &memory_mapping,
+ AccessType::Load,
+ 96,
+ data.len() as u64,
+ &bpf_loader::id(),
+ )
+ .unwrap();
+ assert_eq!(data, translated_data);
+ data[0] = 10;
+ assert_eq!(data, translated_data);
+ assert!(translate_slice::(
+ &memory_mapping,
+ AccessType::Load,
+ 96,
+ u64::MAX,
+ &bpf_loader::id(),
+ )
+ .is_err());
+
 // Pubkeys
 let mut data = vec![solana_sdk::pubkey::new_rand(); 5];
 let addr = data.as_ptr() as *const _ as u64;
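Review bot: `saturating_mul` turns an oversized `len` into a byte length of `u64::MAX` and leaves the rejection to whatever bounds check the callee applies to that value, a dependency nothing in this hunk states. A `checked_mul` that returns the function's error on `None` would reject the request at the point of overflow; failing that, add a comment such as `// saturates to u64::MAX on overflow; the region bounds check must reject it`. The `from_raw_parts_mut(value as *mut T, len as usize)` line below has no `// SAFETY:` comment tying the slice length to the byte length just validated, and `len as usize` would truncate on a host where `usize` is narrower than 64 bits. translate_slice_mut starts and ends outside the hunk, so the callee and the error type are not visible here.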
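Review bot: The new `u64::MAX` case only asserts `.is_err()`, and with that length the old multiplication wraps to a value still close to `u64::MAX`, so in a build without overflow checks the assertion would presumably have passed before the fix too. A second case whose element count times the element size wraps to a small byte length inside the mapped region would pin the behaviour the fix is for, and matching on the expected error variant would stop an unrelated failure from satisfying the test. The test calls `translate_slice` while the fix is in `translate_slice_mut`; if the former does not delegate to the latter (not visible here), the mutable path needs its own case. The tests module continues outside the hunk.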