Handle potential overflow in getData (#13890)

Fixes erigontech/security#1

Author: yperbasis

core/vm/common.go

@@ -60,8 +60,8 @@ func getData(data []byte, start uint64, size uint64) []byte {
 	if start > length {
 		start = length
 	}
-	end := start + size
-	if end > length {
+	end, overflow := math.SafeAdd(start, size)
+	if end > length || overflow {
 		end = length
 	}
 	return common.RightPadBytes(data[start:end], int(size))

core/vm/contracts_test.go

@@ -27,7 +27,11 @@ import (
 	"testing"
 	"time"
 
+	"github.com/stretchr/testify/assert"
+
 	libcommon "github.com/erigontech/erigon-lib/common"
+	"github.com/erigontech/erigon-lib/common/hexutil"
+	"github.com/erigontech/erigon-lib/common/math"
 )
 
 // precompiledTest defines the input/output pairs for precompiled contract tests.
@@ -260,6 +264,15 @@ func TestPrecompiledModExpOOG(t *testing.T) {
 	}
 }
 
+func TestModExpPrecompilePotentialOutOfRange(t *testing.T) {
+	modExpContract := PrecompiledContractsCancun[libcommon.BytesToAddress([]byte{0x05})]
+	hexString := "0x0000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000ffffffffffffffff0000000000000000000000000000000000000000000000000000000000000000ee"
+	input := hexutil.MustDecode(hexString)
+	maxGas := uint64(math.MaxUint64)
+	_, _, err := RunPrecompiledContract(modExpContract, input, maxGas)
+	assert.NoError(t, err)
+}
+
 // Tests the sample inputs from the elliptic curve scalar multiplication EIP 213.
 func TestPrecompiledBn256ScalarMul(t *testing.T)      { testJson("bn256ScalarMul", "07", t) }
 func BenchmarkPrecompiledBn256ScalarMul(b *testing.B) { benchJson("bn256ScalarMul", "07", b) }