diff options
author | chriseth <chris@ethereum.org> | 2017-10-11 16:45:24 +0800 |
---|---|---|
committer | chriseth <chris@ethereum.org> | 2017-10-18 05:17:36 +0800 |
commit | a3db1fc1976e1b2e67aedecb771c288b6dca6b1c (patch) | |
tree | b1d6eb63c4ac64acdee5374488e2639ffcbbc8b3 /libsolidity/codegen | |
parent | a17996cdadc9e6e941ee7c85681ad3e30f9cf998 (diff) | |
download | dexon-solidity-a3db1fc1976e1b2e67aedecb771c288b6dca6b1c.tar dexon-solidity-a3db1fc1976e1b2e67aedecb771c288b6dca6b1c.tar.gz dexon-solidity-a3db1fc1976e1b2e67aedecb771c288b6dca6b1c.tar.bz2 dexon-solidity-a3db1fc1976e1b2e67aedecb771c288b6dca6b1c.tar.lz dexon-solidity-a3db1fc1976e1b2e67aedecb771c288b6dca6b1c.tar.xz dexon-solidity-a3db1fc1976e1b2e67aedecb771c288b6dca6b1c.tar.zst dexon-solidity-a3db1fc1976e1b2e67aedecb771c288b6dca6b1c.zip |
Do not accept truncated function selectors.
Diffstat (limited to 'libsolidity/codegen')
-rw-r--r-- | libsolidity/codegen/ContractCompiler.cpp | 11 |
1 files changed, 4 insertions, 7 deletions
diff --git a/libsolidity/codegen/ContractCompiler.cpp b/libsolidity/codegen/ContractCompiler.cpp index 429db532..74565ae4 100644 --- a/libsolidity/codegen/ContractCompiler.cpp +++ b/libsolidity/codegen/ContractCompiler.cpp @@ -251,13 +251,10 @@ void ContractCompiler::appendFunctionSelector(ContractDefinition const& _contrac FunctionDefinition const* fallback = _contract.fallbackFunction(); eth::AssemblyItem notFound = m_context.newTag(); - // shortcut messages without data if we have many functions in order to be able to receive - // ether with constant gas - if (interfaceFunctions.size() > 5 || fallback) - { - m_context << Instruction::CALLDATASIZE << Instruction::ISZERO; - m_context.appendConditionalJumpTo(notFound); - } + // directly jump to fallback if the data is too short to contain a function selector + // also guards against short data + m_context << u256(4) << Instruction::CALLDATASIZE << Instruction::LT; + m_context.appendConditionalJumpTo(notFound); // retrieve the function signature hash from the calldata if (!interfaceFunctions.empty()) |