From a3db1fc1976e1b2e67aedecb771c288b6dca6b1c Mon Sep 17 00:00:00 2001
From: chriseth
Date: Wed, 11 Oct 2017 10:45:24 +0200
Subject: Do not accept truncated function selectors.
---
 libsolidity/codegen/ContractCompiler.cpp | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)
(limited to 'libsolidity/codegen/ContractCompiler.cpp')
diff --git a/libsolidity/codegen/ContractCompiler.cpp b/libsolidity/codegen/ContractCompiler.cpp
index 429db532..74565ae4 100644
--- a/libsolidity/codegen/ContractCompiler.cpp
+++ b/libsolidity/codegen/ContractCompiler.cpp
@@ -251,13 +251,10 @@ void ContractCompiler::appendFunctionSelector(ContractDefinition const& _contrac
 FunctionDefinition const* fallback = _contract.fallbackFunction();
 
 eth::AssemblyItem notFound = m_context.newTag();
- // shortcut messages without data if we have many functions in order to be able to receive
- // ether with constant gas
- if (interfaceFunctions.size() > 5 || fallback)
- {
- m_context << Instruction::CALLDATASIZE << Instruction::ISZERO;
- m_context.appendConditionalJumpTo(notFound);
- }
+ // directly jump to fallback if the data is too short to contain a function selector
+ // also guards against short data
+ m_context << u256(4) << Instruction::CALLDATASIZE << Instruction::LT;
+ m_context.appendConditionalJumpTo(notFound);
 
 // retrieve the function signature hash from the calldata
 if (!interfaceFunctions.empty())
-- 
cgit v1.2.3
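Review bot: The second line of the new comment, `// also guards against short data`, only restates the first and drops what the removed comment recorded, namely that empty calldata (a plain ether transfer) takes this same branch. I would replace it with `// covers empty calldata too; 1-3 byte calldata must not be zero-padded into a selector`, so the reason the check is now unconditional stays next to the code. The literal in `u256(4)` is the selector width; if the file already has a named constant for that width (none is visible in this hunk), using it here would keep the length check and the selector load from drifting apart. Where `notFound` leads when the contract has no fallback lies outside the hunk, as does the rest of appendFunctionSelector, so a test that sends 1-3 bytes of calldata to a contract with and without a fallback would pin the intended behaviour.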