sysvar-instructions: check data length before storing current instruction idx #162
buffalojoec merged 1 commit into anza-xyz:master
I really don't think it's a good idea to silently do nothing in the case of a bad data length. I would say this could cause a consensus mismatch on data.len() < 2, but the original implementation would cause a panic.
Maybe it's better to just make it fallible with an InstructionError?
In production it's never possible for the serialized size to be < 2 based on the sysvar serialization logic. I don't think this would cause a consensus break but I'm open to returning an instruction error instead of panicking, just would prefer not to crash the client here.
Yeah, I think the
Cool, just pushed a fix. Let me know if the error code looks alright.
…tion idx (anza-xyz#162) instructions: check data length before storing current instruction idx for sysvar instructions
There are no checks for the instructions sysvar data length before trying to subtract / store data into the account. This does not cause issues in production, but causes issues with Firedancer's fuzzing efforts as this code triggers a panic if the sysvar account is not correctly initialized by the fuzzer when testing UB.
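Added example, not code from this PR or the SDK: the panicking shape next to the fallible shape the review converged on. It assumes the current instruction index is a little-endian `u16` in the last two bytes of the sysvar data (consistent with the `data.len() < 2` condition above); the function names and `StoreIndexError` are hypothetical stand-ins, with the PR itself returning an `InstructionError`.

```rust
use std::panic;

/// Hypothetical error type for this example only.
#[derive(Debug, PartialEq, Eq)]
pub enum StoreIndexError {
    DataTooSmall { len: usize },
}

/// Assumed width of the trailing index field (a u16).
const INDEX_LEN: usize = core::mem::size_of::<u16>();

/// "Before" shape: no length check, so a buffer shorter than two bytes
/// panics (subtraction overflow or an out-of-range slice).
pub fn store_current_index_unchecked(data: &mut [u8], instruction_index: u16) {
    let last_index = data.len() - INDEX_LEN;
    data[last_index..last_index + INDEX_LEN].copy_from_slice(&instruction_index.to_le_bytes());
}

/// "After" shape: the length is validated first and a short buffer
/// becomes an error the caller can surface instead of a crash.
pub fn store_current_index_checked(
    data: &mut [u8],
    instruction_index: u16,
) -> Result<(), StoreIndexError> {
    let len = data.len();
    let last_index = len
        .checked_sub(INDEX_LEN)
        .ok_or(StoreIndexError::DataTooSmall { len })?;
    data[last_index..].copy_from_slice(&instruction_index.to_le_bytes());
    Ok(())
}

/// Runs the unchecked variant on a zeroed buffer of `len` bytes and
/// reports whether it panicked (what a fuzzer harness would observe).
pub fn unchecked_panics(len: usize) -> bool {
    let mut data = vec![0u8; len];
    panic::catch_unwind(panic::AssertUnwindSafe(|| {
        store_current_index_unchecked(&mut data, 7)
    }))
    .is_err()
}

fn main() {
    // Constructed inputs: buffers of 0..=3 bytes, as an uninitialized fuzz account might supply.
    for len in 0..=3usize {
        let mut data = vec![0u8; len];
        let checked = store_current_index_checked(&mut data, 7);
        println!("len={len} checked={checked:?} unchecked_panics={}", unchecked_panics(len));
    }
}
```
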