Report of potential bug in the parity-evm implementation

[ireneGP]

Hello,

• Parity Ethereum version: Parity-Ethereum/v2.2.0-nightly-f4c421f77-20181024/x86_64-linux-gnu/rustc1.29.2
• Git comment: f4c421f
• Operating system: Ubuntu 18.04
• Fully synchronized: NA
• Network: NA
• Restarted: NA

Please see the exception info below:

====================
stack backtrace:

 0:     0x559de87a428c - backtrace::backtrace::trace::h6cfa6ca381623be3
1:     0x559de87a4042 - <backtrace::capture::Backtrace as core::default::Default>::default::h1d0ec977487dc5d9
2:     0x559de87a40b8 - backtrace::capture::Backtrace::new::h3ed6ab535d7c4949
3:     0x559de847b4ee - panic_hook::gen_panic_msg::ha391f3dfcede76a5
4:     0x559de847b2e0 - panic_hook::set_with::{{closure}}::haeca7e1698668ad7
5:     0x559de8948263 - std::panicking::rust_panic_with_hook::h542dacac3f3a20d8
                    at libstd/panicking.rs:479
6:     0x559de8947dc9 - std::panicking::continue_panic_fmt::hd989cd729c0c5a4b
                    at libstd/panicking.rs:390
7:     0x559de8947cc5 - rust_begin_unwind
                    at libstd/panicking.rs:325
8:     0x559de899bf9b - core::panicking::panic_fmt::h26b7cf0675909ac6
                    at libcore/panicking.rs:77
9:     0x559de8993880 - core::slice::slice_index_len_fail::hcc13d5324deb5495
                    at libcore/slice/mod.rs:1971
10:     0x559de845923a - <parity_evm::display::json::Informant as ethcore::trace::VMTracer>::trace_executed::{{closure}}::h5e935cd02e455dd8
11:     0x559de8459887 - <parity_evm::display::json::Informant as ethcore::trace::VMTracer>::drain::h78f1d52c535a2ec1
12:     0x559de84566de - parity_evm::display::json::Informant::with_informant_in_depth::h6a7ab9f5f3635889
13:     0x559de840e2d3 - <ethcore::executive::Executive<'a, B>>::call_with_stack_depth::hb9f3b5c7ffe51e5b
14:     0x559de8401786 - ethcore::client::evm_test_client::EvmTestClient::call::hdb9edaeb8a954e14
15:     0x559de845080d - parity_evm::info::run_action::h6457e88c2692f821
16:     0x559de83de0d3 - parity_evm::main::h014ba30bda7cb632
17:     0x559de8444092 - std::rt::lang_start::{{closure}}::hb0d0ec881d3d75e0
18:     0x559de8947c62 - std::rt::lang_start_internal::{{closure}}::h2d27f966df62f613
                    at libstd/rt.rs:59
                     - std::panicking::try::do_call::h0208f3354fcc3e87
                    at libstd/panicking.rs:310
19:     0x55aed66b6769 - __rust_maybe_catch_panic
                    at libpanic_unwind/lib.rs:105
20:     0x55aed66997e5 - std::panicking::try::h8cfae114cfc320aa
                    at libstd/panicking.rs:289
                     - std::panic::catch_unwind::h9e48b3e6dc9f9394
                    at libstd/panic.rs:392
                     - std::rt::lang_start_internal::h56481fc9d09c36f4
                    at libstd/rt.rs:58
21:     0x55aed61308d3 - main
22:     0x7fe409028b96 - __libc_start_main
23:     0x55aed606aaf9 - _start
24:                0x0 - <unknown>

Thread 'main' panicked at 'index 1048605 out of range for slice of length 0', libcore/slice/mod.rs:1971

This is a bug. Please report it at:

  https://github.com/paritytech/parity-ethereum/issues/new

[1]    9408 abort      ./parity-evm --code 5A51 --json --gas fffff

[ireneGP]

Hi @joshua-mir . Thanks for the prompt response. Just for curious, what does F1-security mean? Would this lead to any security breaches?

[jam10o-new]

Hey, I was just being safe. If the bug was in the actual evm implementation, then yes it might be a DoS vector.

Thankfully, someone informed me that (and I just tested locally) that this is an issue in the tracer, not evmbin itself 😅

Can replicate this locally, running without --json doesn't crash.

[ireneGP]

@joshua-mir
Aha, I see the point here. Yes, from the log trace it should be something on the json component. That's interesting to know. I guess crash software written in Rust is difficult anyway ;-)