fix: add check against cache overflow (lambdaclass#1285)

* Add check against cache overflow * Fix off-by-one error * Update changelog
dojoengine · Jul 4, 2023 · 50d2da3 · 50d2da3
1 parent 6829432
commit 50d2da3
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,13 +2,15 @@
 
 #### Upcoming Changes
 
+* fix(security): avoid OOM crashes when programs jump to very high invalid addresses.
+
 * fix: add `to_bytes_be` to the felt when `lambdaworks-felt` feature is active [#1290](https://github.com/lambdaclass/cairo-vm/pull/1290)
 
 * chore: mark `modpow` and `to_signed_bytes_le` as *deprecated* [#1290](https://github.com/lambdaclass/cairo-vm/pull/1290)
 
 * fix: bump *lambdaworks-math* to latest version, that fixes no-std support [#1293](https://github.com/lambdaclass/cairo-vm/pull/1293)
 
-* build: remove dependecy to `thiserror` (use `thiserror-no-std/std` instead)
+* build: remove dependency to `thiserror` (use `thiserror-no-std/std` instead)
 
 * chore: use LambdaWorks' implementation of bit operations for `Felt252` [#1291](https://github.com/lambdaclass/cairo-rs/pull/1291)
 

diff --git a/cairo_programs/manually_compiled/overflowing_dict.json b/cairo_programs/manually_compiled/overflowing_dict.json
@@ -0,0 +1,22 @@
+{
+    "attributes": [],
+    "builtins": [],
+    "compiler_version": "0.11.0",
+    "data": [
+        "0x1104800180018000",
+        "0x80000000000001"
+    ],
+    "hints": {},
+    "identifiers": {
+        "__main__.main": {
+            "decorators": [],
+            "pc": 0,
+            "type": "function"
+        }
+    },
+    "main_scope": "__main__",
+    "prime": "0x800000000000011000000000000000000000000000000000000000000000001",
+    "reference_manager": {
+        "references": []
+    }
+}
diff --git a/vm/src/tests/cairo_run_test.rs b/vm/src/tests/cairo_run_test.rs
@@ -975,3 +975,10 @@ fn cairo_run_if_reloc_equal() {
     let program_data = include_bytes!("../../../cairo_programs/if_reloc_equal.json");
     run_program_simple_with_memory_holes(program_data, 4);
 }
+
+#[test]
+fn cairo_run_overflowing_dict() {
+    let program_data =
+        include_bytes!("../../../cairo_programs/manually_compiled/overflowing_dict.json");
+    run_program_with_error(program_data, "Unknown memory cell at address");
+}
diff --git a/vm/src/vm/vm_core.rs b/vm/src/vm/vm_core.rs
@@ -462,6 +462,10 @@ impl VirtualMachine {
     pub fn step_instruction(&mut self) -> Result<(), VirtualMachineError> {
         let pc = self.run_context.pc.offset;
 
+        if self.segments.memory.data[0].len() <= pc {
+            return Err(MemoryError::UnknownMemoryCell(Box::new((0, pc).into())))?;
+        }
+
         let mut inst_cache = core::mem::take(&mut self.instruction_cache);
         inst_cache.resize((pc + 1).max(inst_cache.len()), None);