NoBey/openzeppelin-contracts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor parseUint, parseInt and parseHexUint to check bounds (#5304)

Browse Source 
Co-authored-by: Hadrien Croubois <hadrien.croubois@gmail.com>
This commit is contained in:
Ernesto García
2024-11-25 18:05:40 +08:00
committed by GitHub
parent d11ed2fb0a
commit b3ce884628
3 changed files with 83 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
test/utils/Strings.t.sol
View File

@ -24,4 +24,27 @@ contract StringsTest is Test {
function testParseChecksumHex(address value) external pure {
assertEq(value, value.toChecksumHexString().parseAddress());
}
function testTryParseHexUintExtendedEnd(string memory random) external pure {
uint256 length = bytes(random).length;
assembly ("memory-safe") {
mstore(add(add(random, 0x20), length), 0x3030303030303030303030303030303030303030303030303030303030303030)
}
(bool success, ) = random.tryParseHexUint(1, length + 1);
assertFalse(success);
}
function testTryParseAddressExtendedEnd(address random, uint256 begin) external pure {
begin = bound(begin, 3, 43);
string memory input = random.toHexString();
uint256 length = bytes(input).length;
assembly ("memory-safe") {
mstore(add(add(input, 0x20), length), 0x3030303030303030303030303030303030303030303030303030303030303030)
}
(bool success, ) = input.tryParseAddress(begin, begin + 40);
assertFalse(success);
}
}

15
test/utils/Strings.test.js
View File

@ -240,6 +240,11 @@ describe('Strings', function () {
expect(await this.mock.$tryParseUint('1 000')).deep.equal([false, 0n]);
});
it('parseUint invalid range', async function () {
expect(this.mock.$parseUint('12', 3, 2)).to.be.revertedWithCustomError(this.mock, 'StringsInvalidChar');
expect(await this.mock.$tryParseUint('12', 3, 2)).to.deep.equal([false, 0n]);
});
it('parseInt overflow', async function () {
await expect(this.mock.$parseInt((ethers.MaxUint256 + 1n).toString(10))).to.be.revertedWithPanic(
PANIC_CODES.ARITHMETIC_OVERFLOW,
@ -276,6 +281,11 @@ describe('Strings', function () {
expect(await this.mock.$tryParseInt('1 000')).to.deep.equal([false, 0n]);
});
it('parseInt invalid range', async function () {
expect(this.mock.$parseInt('-12', 3, 2)).to.be.revertedWithCustomError(this.mock, 'StringsInvalidChar');
expect(await this.mock.$tryParseInt('-12', 3, 2)).to.deep.equal([false, 0n]);
});
it('parseHexUint overflow', async function () {
await expect(this.mock.$parseHexUint((ethers.MaxUint256 + 1n).toString(16))).to.be.revertedWithPanic(
PANIC_CODES.ARITHMETIC_OVERFLOW,
@ -303,6 +313,11 @@ describe('Strings', function () {
expect(await this.mock.$tryParseHexUint('1 000')).to.deep.equal([false, 0n]);
});
it('parseHexUint invalid begin and end', async function () {
expect(this.mock.$parseHexUint('0x', 3, 2)).to.be.revertedWithCustomError(this.mock, 'StringsInvalidChar');
expect(await this.mock.$tryParseHexUint('0x', 3, 2)).to.deep.equal([false, 0n]);
});
it('parseAddress invalid format', async function () {
for (const addr of [
'0x736a507fB2881d6bB62dcA54673CF5295dC07833', // valid