Skip to content

fix(compiler): fix critical security and optimizer bugs #1498

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
Jim8y wants to merge 9 commits into
base: master-n3
Choose a base branch
from
Draft

fix(compiler): fix critical security and optimizer bugs #1498

Jim8y wants to merge 9 commits into from

Conversation

@Jim8y
Copy link
Contributor

@Jim8y Jim8y commented Jan 29, 2026

This PR fixes critical bugs found during code review:

SecurityAnalyzer Fixes

Class Name Typos

  • Fixed "Analzyer" -> "Analyzer" in 3 files:
    • : ->
    • : ->
    • : Class name ->
    • : Class name ->

Critical Logic Bugs in UpdateAnalyzer

  • Line 45: Fixed wrong bitwise operator -> for CallFlags check

    • Old: (always true!)
    • New:

  • Line 53: Fixed byte array comparison ->

    • Old: (reference equality)
    • New:

WriteInTryAnalyzer Compilation Fix

  • Added missing helper method

Peephole Optimizer Fixes

Operator Precedence Bugs (3 occurrences)

Fixed incorrect pattern matching due to having higher precedence than :

  • Line 127-129: - now properly grouped
  • Line 160-162: - now properly grouped
  • Line 247-249: - now properly grouped

Instruction Disassembler Fix

  • Fixed incorrect span offset for PUSHDATA2/PUSHDATA4 string extraction
    • PUSHDATA2: -> (2-byte size prefix)
    • PUSHDATA4: -> (4-byte size prefix)

Testing

All 944 compiler unit tests pass after these changes.

@Jim8y
fix(compiler): fix critical security and optimizer bugs
5ac462d 
SecurityAnalyzer fixes:
- Fix typos: Analzyer -> Analyzer in class names (3 occurrences)
- Fix wrong bitwise operator | -> & in UpdateAnalyzer (CallFlags check)
- Fix byte array comparison == -> SequenceEqual in UpdateAnalyzer
- Add missing GetSourceLocation helper in WriteInTryAnalyzer

Peephole optimizer fixes:
- Fix operator precedence bugs in pattern matching (3 occurrences)
  - (A && B || C) -> ((A && B) || C)

Instruction disassembler fix:
- Fix incorrect span offset for PUSHDATA2/PUSHDATA4 string extraction
  - PUSHDATA2: AsSpan(1) -> AsSpan(2)
  - PUSHDATA4: AsSpan(1) -> AsSpan(4)

All 944 compiler unit tests pass.
@Jim8y Jim8y marked this pull request as draft January 29, 2026 09:12
Jim8y added 8 commits January 29, 2026 17:40
@Jim8y
test(compiler): add unit tests for critical security and optimizer bu…
242df58 
…g fixes

Add unit tests demonstrating fixes for:

1. UpdateAnalyzer security fixes:
   - Test_CallFlags_BitwiseOperator_Fix: Verifies (flags | WriteStates) -> (flags & WriteStates)
   - Test_ByteArray_Comparison_Fix: Verifies SequenceEqual vs reference equality

2. Peephole optimizer fixes:
   - Tests for operator precedence fixes in pattern matching
   - Tests verify optimization doesn't crash on various patterns

3. Instruction disassembler fixes:
   - Tests for PUSHDATA2/PUSHDATA4 span offset fixes
   - Tests verify correct data extraction from operands

Also update existing WriteInTry tests to use corrected class name (WriteInTryAnalyzer).

All 961 compiler unit tests pass.
@Jim8y
style: fix formatting issues in unit test files
1d03a34
@Jim8y
chore: ignore git worktrees
df51cd8
@Jim8y
test(security): add analyzer compatibility checks
472de84
@Jim8y
fix(security): respect method range in write-in-try diagnostics
e03ca38
@Jim8y
test(security): exercise update analyzer CALLT and syscall paths
0220bb9
@Jim8y
test(optimizer): run peephole strategies in unit tests
4e1d6da
@Jim8y
test(disassembler): validate PUSHDATA2/4 offsets
4f390b9
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Jim8y