Skip to content

Clip OOB values in call data load and copy#448

Merged
xermicus merged 3 commits intomainfrom
cl/bounds
Jan 13, 2026
Merged

Clip OOB values in call data load and copy#448
xermicus merged 3 commits intomainfrom
cl/bounds

Conversation

@xermicus
Copy link
Member

@xermicus xermicus commented Jan 12, 2026

The OOB logic is implemented in the runtime but truncation circumvented it.

Closes #263

@xermicus
the call data load and copy OOB check fix
aa9d647 
Signed-off-by: xermicus <cyrill@parity.io>
@xermicus xermicus requested review from elle-j and kvpanch January 12, 2026 18:52
@xermicus xermicus changed the title the call data load and copy OOB check fix Clip OOB values in call data load and copy Jan 12, 2026
kvpanch
kvpanch approved these changes Jan 12, 2026
View reviewed changes
CHANGELOG.md Outdated
Supported `polkadot-sdk` rev: `unstable2507`

### Fixed
- OOB access in call data load and copy should always produce zero values instead of consuming all gas.
Copy link
Contributor

@kvpanch kvpanch Jan 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"call data load" -> calldataload ?

Copy link
Contributor

@kvpanch kvpanch Jan 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you please also elaborate here why this is expected to be zeroed ? Is there any spec point that covers this corner case ?

Copy link
Member Author

@xermicus xermicus Jan 12, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes it's as per spec. The canonical spec is (or was? I heard it's no longer updated) the yellow paper.

Copy link
Contributor

@kvpanch kvpanch Jan 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks!

xermicus and others added 2 commits January 12, 2026 20:38
@xermicus
Merge branch 'main' into cl/bounds
a15955b
@xermicus
changelog
8a23887 
Signed-off-by: Cyrill Leutwiler <bigcyrill@hotmail.com>
elle-j
elle-j approved these changes Jan 13, 2026
View reviewed changes
Copy link
Contributor

@elle-j elle-j left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good fix 👍

@xermicus xermicus merged commit a1a4f8e into main Jan 13, 2026
14 checks passed
@xermicus xermicus deleted the cl/bounds branch January 13, 2026 09:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kvpanch kvpanch kvpanch approved these changes

@elle-j elle-j elle-j approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Using the output of calldataload as a return value causes the execution to fail.

3 participants

@xermicus @elle-j @kvpanch