Skip to content

Fix bug in Bytes.lastIndexOf when array is empty and position is not 2²⁵⁶-1 #5797

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 6 commits into
base: master
Choose a base branch
from
Open

Fix bug in Bytes.lastIndexOf when array is empty and position is not 2²⁵⁶-1 #5797

wants to merge 6 commits into from
+105 −14

Conversation

Amxx
Copy link
Collaborator

@Amxx Amxx commented Jul 15, 2025
edited by ernestognw
Loading

Fix bug introduced in #5252 (v5.2)

Bug description

If the buffer is empty and if pos is not type(uint256).max

  • in the computation of Math.min(pos, length - 1) + 1, length-1 overflow and return 2²⁵⁶-1.
  • taking the min between pos and that will return something that is NOT 2²⁵⁶-1.
  • adding 1 to it will NOT return 0.
  • the loop will start at a non-0 index, and try to access data when the buffer is actually empty.

This will return unpredictable results, if s can be found after the buffer. For example, if the memory after the is clean (zero) and you do lastIndexOf('0x', '0x00', 17) ... it will return 17 instead of the expected 2²⁵⁶-1 (not found)

PR Checklist

  • Tests
  • Documentation
  • Changeset entry (run npx changeset add)

@Amxx Amxx requested a review from a team as a code owner July 15, 2025 09:18
@Amxx Amxx added the bug label Jul 15, 2025
@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Jul 15, 2025
edited
Loading

🦋 Changeset detected

Latest commit: cfbb2e6

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
openzeppelin-solidity Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@Amxx Amxx requested a review from ernestognw July 15, 2025 10:25
@Amxx Amxx force-pushed the bugfix/Bytes-lastIndexOf-empty branch from 6d20d77 to edf974e Compare July 15, 2025 10:37
@Amxx Amxx added this to the 5.4 milestone Jul 15, 2025
@Amxx Amxx requested a review from gonzaotc July 15, 2025 14:28
ernestognw
ernestognw previously approved these changes Jul 15, 2025
View reviewed changes
@ernestognw @Amxx
Update .changeset/witty-hats-flow.md
cfbb2e6 
Co-authored-by: Hadrien Croubois <hadrien.croubois@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ernestognw ernestognw ernestognw approved these changes

@gonzaotc gonzaotc Awaiting requested review from gonzaotc

Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
5.4
Development

Successfully merging this pull request may close these issues.
2 participants
@Amxx @ernestognw