FVMLib overflows in encodeJumpInstruction if sum of instruction bytes length is > 256
Alexangelj opened this issue · comments
Description
In the FVMLib, the encodeJumpInstruction concats instructions with pointers to the next instructions. This pointer value is a uint8, which means the pointer could be at most 2^8, 256. So if the sum of the length of the instructions is greater than this value, the pointer will revert from arithmetic overflow.
This is not necessarily a bug. This enforces a limit on the amount of instructions that can be encoded, because the pointer would need to be two bytes to support more instructions. This makes it important to use calldata compression techniques in the encoding, or make the pointers larger.
Now that this is documented, we can discuss what we want to do with this limit!
Note: the solidity encoding functions for allocate/deallocate/swap do not use compression. If compression is used (via typescript/rust encoder), the instruction lengths would be smaller, allowing us to fit in more instructions. So this is only a solidity encoding limitation, we can make a compression lib though!
This also limits the amount of instructions possible, since the length of the instructions array is fit into a uint8, limiting it to 256 instructions.
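As an added illustration (this is not FVMLib's code, and the exact byte layout is an assumption made for the model), the following Python encoder chains instructions with one-byte next-pointers and raises exactly where Solidity's checked uint8 arithmetic would revert, so the limit can be measured for a given instruction size:

```python
from typing import List

UINT8_MAX = 255  # largest value a uint8 pointer or length byte can hold


class EncodingOverflow(Exception):
    """Models the revert raised by checked uint8 arithmetic in the encoder."""


def encode_jump(instructions: List[bytes]) -> bytes:
    """Assumed layout: [count][ptr][ins 0][ptr][ins 1]... where each ptr is the
    absolute offset of the next instruction's pointer byte.  The count and every
    pointer must fit in a uint8, which is the limit described in the issue."""
    if len(instructions) > UINT8_MAX:
        raise EncodingOverflow("instruction count does not fit in uint8")
    out = bytearray([len(instructions)])
    pointer = 1  # offset just after the count byte
    for ins in instructions:
        next_ptr = pointer + 1 + len(ins)  # pointer byte + instruction bytes
        if next_ptr > UINT8_MAX:
            raise EncodingOverflow("next-instruction pointer overflows uint8")
        out.append(next_ptr)
        out += ins
        pointer = next_ptr
    return bytes(out)


def decode_jump(data: bytes) -> List[bytes]:
    """Walk the pointer chain back into the list of instructions."""
    count, pointer, instructions = data[0], 1, []
    for _ in range(count):
        next_ptr = data[pointer]
        instructions.append(bytes(data[pointer + 1:next_ptr]))
        pointer = next_ptr
    return instructions


def max_encodable(instruction_len: int) -> int:
    """Largest number of fixed-size instructions that encodes without overflow."""
    n = 0
    while True:
        try:
            encode_jump([b"\x00" * instruction_len] * (n + 1))
        except EncodingOverflow:
            return n
        n += 1
```

With this layout, 10-byte instructions (11 bytes each with their pointer) run out of uint8 pointer space after 23 instructions; shrinking instructions through compression raises that count, widening the pointer removes the limit.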