gaspersic/solana
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix integer overflow in degenerate invoke_signed BPF syscalls (bp #15051) (#15070)

Browse Source 
* Fix integer overflow in degenerate invoke_signed BPF syscalls (#15051)

(cherry picked from commit ebbaa1f8ea)

# Conflicts:
#	programs/bpf_loader/src/syscalls.rs

* resolve conflicts

Co-authored-by: Mrmaxmeier <Mrmaxmeier@gmail.com>
Co-authored-by: Jack May <jack@solana.com>
This commit is contained in:
mergify[bot]
2021-02-04 00:09:56 +00:00
committed by GitHub
parent ba733168c6
commit a4b4bbf039
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
programs/bpf_loader/src/syscalls.rs
View File

@ -1270,7 +1270,10 @@ fn check_instruction_size(
data_len: usize, data_len: usize,
max_size: usize, max_size: usize,
) -> Result<(), EbpfError<BPFError>> { ) -> Result<(), EbpfError<BPFError>> {
if max_size < num_accounts * size_of::<AccountMeta>() + data_len { let size = num_accounts
.saturating_mul(size_of::<AccountMeta>())
.saturating_add(data_len);
if size > max_size {
return Err( return Err(
SyscallError::InstructionError(InstructionError::ComputationalBudgetExceeded).into(), SyscallError::InstructionError(InstructionError::ComputationalBudgetExceeded).into(),
); );