Skip to content

Commit

Permalink
chore: improve send_cmio_response bounds checking
Browse files Browse the repository at this point in the history
  • Loading branch information
mpernambuco committed Dec 16, 2024
1 parent aa5e46c commit b5aef38
Show file tree
Hide file tree
Showing 3 changed files with 7 additions and 3 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
### Changed
- Added a "--jobs" option to "uarch-riscv-tests.lua" test
- add-created-files.diff should now be applied with `-p1`
- Improved send_cmio_response bounds checking

### Fixed
- Fixed --skip-root-hash-store not skipping root hash computation when using the cli
Expand Down
5 changes: 4 additions & 1 deletion src/send-cmio-response.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -41,11 +41,14 @@ void send_cmio_response(STATE_ACCESS &a, uint16 reason, bytes data, uint32 dataL
// Find the write length: the smallest power of 2 that is >= dataLength and >= tree leaf size
uint32 writeLengthLog2Size = uint32Log2(dataLength);
if (writeLengthLog2Size < machine_merkle_tree::get_log2_word_size()) {
writeLengthLog2Size = 5; // minimum write size is the tree leaf size
writeLengthLog2Size = machine_merkle_tree::get_log2_word_size(); // minimum write size is the tree leaf size
}
if (uint32ShiftLeft(1, writeLengthLog2Size) < dataLength) {
writeLengthLog2Size += 1;
}
if (writeLengthLog2Size > PMA_CMIO_RX_BUFFER_LOG2_SIZE) {
throwRuntimeError(a, "CMIO response data is too large");
}
writeMemoryWithPadding(a, PMA_CMIO_RX_BUFFER_START, data, dataLength, writeLengthLog2Size);
}
// Write data length and reason to fromhost
Expand Down
4 changes: 2 additions & 2 deletions tests/lua/machine-bind.lua
Original file line number Diff line number Diff line change
Expand Up @@ -1152,10 +1152,10 @@ do_test("send_cmio_response fails if data is too big", function(machine)
local reason = 1
local data_too_big = string.rep("a", 1 + (1 << cartesi.PMA_CMIO_RX_BUFFER_LOG2_SIZE))
machine:set_iflags_Y()
test_util.assert_error("address range not entirely in memory PMA", function()
test_util.assert_error("CMIO response data is too large", function()
machine:send_cmio_response(reason, data_too_big)
end)
test_util.assert_error("address range not entirely in memory PMA", function()
test_util.assert_error("CMIO response data is too large", function()
machine:log_send_cmio_response(reason, data_too_big)
end)
end)
Expand Down

0 comments on commit b5aef38

Please sign in to comment.