From 90d60a754d075e2957ffa681088f4a4aa956018d Mon Sep 17 00:00:00 2001
From: alvrs
Date: Tue, 28 Jan 2025 17:41:58 +0100
Subject: [PATCH 1/2] add failing test
---
 packages/store/test/StoreCore.t.sol | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/packages/store/test/StoreCore.t.sol b/packages/store/test/StoreCore.t.sol
index 27a38b54cd..2be754bb8d 100644
--- a/packages/store/test/StoreCore.t.sol
+++ b/packages/store/test/StoreCore.t.sol
@@ -1035,6 +1035,23 @@ contract StoreCoreTest is Test, StoreMock {
 uint40(data.thirdDataForUpdate.length),
 data.thirdDataForUpdate
 );
+
+ // startByteIndex + deleteCount must not overflow
+ vm.expectRevert(
+ abi.encodeWithSelector(
+ IStoreErrors.Store_IndexOutOfBounds.selector,
+ data.newThirdDataBytes.length - 8,
+ data.newThirdDataBytes.length
+ )
+ );
+ this.spliceDynamicData(
+ data.tableId,
+ data.keyTuple,
+ 1,
+ uint40(data.newThirdDataBytes.length), // set start to end of the field
+ uint40(8), // delete 8 bytes (after the start index, so after the size of the field)
+ abi.encodePacked(uint64(1)) // append 8 bytes
+ );
 }

 function testAccessEmptyData() public {
From 10bbab566fdf4910b8e52703e688e0b588a5056c Mon Sep 17 00:00:00 2001
From: alvrs
Date: Tue, 28 Jan 2025 17:57:26 +0100
Subject: [PATCH 2/2] add patch
---
 packages/store/src/StoreCore.sol | 4 ++--
 packages/store/test/StoreCore.t.sol | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/packages/store/src/StoreCore.sol b/packages/store/src/StoreCore.sol
index 696bb399f6..5784ade397 100644
--- a/packages/store/src/StoreCore.sol
+++ b/packages/store/src/StoreCore.sol
@@ -1003,8 +1003,8 @@ library StoreCoreInternal {
 }

 // The start index can't be larger than the previous length of the field
- if (startWithinField > previousFieldLength) {
- revert IStoreErrors.Store_IndexOutOfBounds(previousFieldLength, startWithinField);
+ if (startWithinField > previousFieldLength - deleteCount) {
+ revert IStoreErrors.Store_IndexOutOfBounds(previousFieldLength - deleteCount, startWithinField);
 }

 // Update the encoded length
diff --git a/packages/store/test/StoreCore.t.sol b/packages/store/test/StoreCore.t.sol
index 2be754bb8d..893ec22b73 100644
--- a/packages/store/test/StoreCore.t.sol
+++ b/packages/store/test/StoreCore.t.sol
@@ -1023,7 +1023,7 @@ contract StoreCoreTest is Test, StoreMock {
 vm.expectRevert(
 abi.encodeWithSelector(
 IStoreErrors.Store_IndexOutOfBounds.selector,
- data.newThirdDataBytes.length,
+ data.newThirdDataBytes.length - uint40(data.thirdDataForUpdate.length),
 uint40(type(uint56).max)
 )
 );
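Review bot: In the `StoreCoreInternal` hunk of packages/store/src/StoreCore.sol, the comment above the changed check still says only that the start index can't exceed the previous field length, while the new condition bounds the start index plus the delete count; I would reword it to `// startWithinField + deleteCount can't exceed the previous length of the field`. The subtraction `previousFieldLength - deleteCount` is now evaluated in both the condition and the revert arguments, so it depends on `deleteCount <= previousFieldLength` already holding; the enclosing function starts and ends outside the hunk, so that cannot be confirmed from here, and if it does not hold the caller would presumably get an arithmetic panic instead of `Store_IndexOutOfBounds`. The first error argument also no longer carries the field length but the largest permitted start index, which anyone decoding the revert off-chain should be told in the same comment. The test added in patch 1/2 covers only a start equal to the field length; a case with the start inside the field and the delete count running past the end would pin the new bound.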