Merge pull request #65 from obsidiansystems/parseFixed-overflow

Parse fixed overflow

Makefile

@@ -12,7 +12,7 @@ GIT_DESCRIBE ?= $(shell git describe --tags --abbrev=8 --always --long --dirty 2
 VERSION_TAG ?= $(shell echo "$(GIT_DESCRIBE)" | cut -f1 -d-)
 APPVERSION_M=0
 APPVERSION_N=5
-APPVERSION_P=2
+APPVERSION_P=3
 APPVERSION=$(APPVERSION_M).$(APPVERSION_N).$(APPVERSION_P)
 
 # Only warn about version tags if specified/inferred

src/evm_parse.c

@@ -580,7 +580,7 @@ enum parse_rv parse_abi_call_data(struct EVM_ABI_state *const state,
 
   // Probably we have to allow this, as the metamask constraint means _this_ endpoint will be getting stuff it doesn't understand a lot.
   case ABISTATE_UNRECOGNIZED: {
-    sub_rv = parseFixed(&state->argument_state.fixedState, input, state->data_length - ETHEREUM_SELECTOR_SIZE); // TODO: non-word size values
+    sub_rv = skipBytes(&state->argument_state.fixedState, input, state->data_length);
     if(sub_rv != PARSE_RV_DONE) return sub_rv;
     state->state = ABISTATE_DONE;
     static char const isPresentLabel[]="Is Present (unsafe)";

src/parser.c

@@ -86,6 +86,15 @@ enum parse_rv parseFixed(struct FixedState *const state, parser_input_meta_state
     return state->filledTo == len ? PARSE_RV_DONE : PARSE_RV_NEED_MORE;
 }
 
+enum parse_rv skipBytes(struct FixedState *const state, parser_input_meta_state_t *const input, size_t const len) {
+  size_t const available = input->length - input->consumed;
+  size_t const needed = len - state->filledTo;
+  size_t const to_copy = available > needed ? needed : available;
+  state->filledTo += to_copy;
+  input->consumed += to_copy;
+  return state->filledTo == len ? PARSE_RV_DONE : PARSE_RV_NEED_MORE;
+}
+
 #define IMPL_FIXED_BE(name) \
     inline enum parse_rv parse_ ## name (struct name ## _state *const state, parser_meta_state_t *const meta) { \
         enum parse_rv sub_rv = PARSE_RV_INVALID; \

tests/basic-tests.js

@@ -3,7 +3,7 @@ describe("Basic Tests", () => {
     it('can fetch the version of the app', async function () {
       const cfg = await this.ava.getAppConfiguration();
       expect(cfg).to.be.a('object');
-      expect(cfg).to.have.property("version", "0.5.2");
+      expect(cfg).to.have.property("version", "0.5.3");
       expect(cfg).to.have.property("name", "Avalanche");
     });
     it('returns the expected wallet ID', async function () {

tests/eth-tests.js

@@ -97,7 +97,7 @@ const testDeploy = (chainId, withAmount) => async function () {
                      );
 };
 
-const testUnrecognizedCall = (chainId, gasPrice, gasLimit, amountPrompt, amountHex, address, fee, calldata) => async function () {
+const testUnrecognizedCalldataTx = (chainId, gasPrice, gasLimit, amountPrompt, amountHex, address, fee, calldata) => async function () {
     const tx = rawUnsignedTransaction(chainId, {
         nonce: '0x0a',
         gasPrice: '0x' + gasPrice,
@@ -117,6 +117,17 @@ const testUnrecognizedCall = (chainId, gasPrice, gasLimit, amountPrompt, amountH
     await testSigning(this, chainId, prompts, tx);
 };
 
+const testUnrecognizedCalldata = (calldata) => testUnrecognizedCalldataTx
+(
+    43112,
+    '6d6e2edc00',
+    '2dc6c0',
+    "0.000000001 nAVAX", '01',
+    "0102030400000000000000000000000000000002",
+    '1410000000 GWEI',
+    calldata
+);
+
 const testCall = (chainId, data, method, args) => async function () {
     const address = 'df073477da421520cf03af261b782282c304ad66';
     const tx = rawUnsignedTransaction(chainId, {
@@ -189,27 +200,29 @@ describe("Eth app compatibility tests", async function () {
     }
   });
 
-  it('can sign a transaction with unrecognized calldata via the ethereum ledgerjs module',
-          testUnrecognizedCall(43112,
-                               '6d6e2edc00',
-                               '2dc6c0',
-                               "0.000000001 nAVAX", '01',
-                               "0102030400000000000000000000000000000002",
-                               '1410000000 GWEI',
-                               '90000102030405060708090a0b0c0d0e0f'
-                              )
-         );
-
-  it('can sign a multiple-apdu transaction with unrecognized calldata via the ethereum ledgerjs module',
-          testUnrecognizedCall(43112,
-                               '6d6e2edc00',
-                               '2dc6c0',
-                               "0.000000001 nAVAX", '01',
-                               "0102030400000000000000000000000000000002",
-                               '1410000000 GWEI',
-                               'a415bcad000000000000000000000000d3896bdd73e61a4275e27f660ddf095522f0a1d30000000000000000000000000000000000000000000000000de0b6b3a7640000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000006f0f6da1852857d7789f68a28bba866671f3880d'
-                              )
-         );
+  it('can sign unrecognized calldata nonsense',
+     testUnrecognizedCalldata('90000102030405060708090a0b0c0d0e0f')
+    );
+
+  it('can sign unrecognized calldata (borrow)',
+     testUnrecognizedCalldata('a415bcad000000000000000000000000d3896bdd73e61a4275e27f660ddf095522f0a1d30000000000000000000000000000000000000000000000000de0b6b3a7640000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000006f0f6da1852857d7789f68a28bba866671f3880d')
+    );
+
+  it('can sign unrecognized calldata (Pangolin AVAX/DAI swap)',
+     testUnrecognizedCalldata('8a657e670000000000000000000000000000000000000000000000000de0b6b3a76400000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000c7b9b39ab3081ac34fc4324e3f648b55528871970000000000000000000000000000000000000000000000000000017938dcec130000000000000000000000000000000000000000000000000000000000000002000000000000000000000000b31f66aa3c1e785363f0875a1b74e27b85fd66c7000000000000000000000000ba7deebbfc5fa1100fb055a87773e1e99cd3507a')
+    );
+
+  it('can sign unrecognized calldata (Pangolin AVAX/DAI swap 2)',
+     testUnrecognizedCalldata('8a657e670000000000000000000000000000000000000000000000000de0b6b3a76400000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000c7b9b39ab3081ac34fc4324e3f648b55528871970000000000000000000000000000000000000000000000000000017938e114be0000000000000000000000000000000000000000000000000000000000000002000000000000000000000000b31f66aa3c1e785363f0875a1b74e27b85fd66c7000000000000000000000000ba7deebbfc5fa1100fb055a87773e1e99cd3507a')
+    );
+
+  it('can sign unrecognized calldata (Pangolin AVAX/DAI pool supply 1)',
+     testUnrecognizedCalldata('f91b3f72000000000000000000000000ba7deebbfc5fa1100fb055a87773e1e99cd3507a000000000000000000000000000000000000000000000001a055690d9db800000000000000000000000000000000000000000000000000019e4080d9116900000000000000000000000000000000000000000000000000000d054d6a64e3c8e3000000000000000000000000c7b9b39ab3081ac34fc4324e3f648b55528871970000000000000000000000000000000000000000000000000000017938e009a0')
+     );
+
+  it('can sign unrecognized calldata (Pangolin AVAX/DAI pool supply 1)',
+     testUnrecognizedCalldata('f91b3f72000000000000000000000000ba7deebbfc5fa1100fb055a87773e1e99cd3507a000000000000000000000000000000000000000000000001a055690d9db800000000000000000000000000000000000000000000000000019e4080d9116900000000000000000000000000000000000000000000000000000d01d2b83c13b9ab000000000000000000000000c7b9b39ab3081ac34fc4324e3f648b55528871970000000000000000000000000000000000000000000000000000017938e1fd96')
+     );