Fixes for fuzzing-discovered crashes (#17)

Fixes for fuzzing discovered crashes

Signed-off-by: garyschulte <garyschulte@gmail.com>

Author: garyschulte

src/interpreter/opcodes/environment.zig

@@ -140,8 +140,8 @@ pub fn opCalldatacopy(ctx: *InstructionContext) void {
         return;
     };
 
-    // Dynamic: copy cost
-    const num_words = (size_usize + 31) / 32;
+    // Dynamic: copy cost — use divCeil to avoid (size + 31) overflow when size = maxInt(usize)
+    const num_words = std.math.divCeil(usize, size_usize, 32) catch unreachable;
     const copy_cost: u64 = gas_costs.G_COPY * @as(u64, @intCast(num_words));
     if (!ctx.interpreter.gas.spend(copy_cost)) {
         ctx.interpreter.halt(.out_of_gas);
@@ -211,8 +211,8 @@ pub fn opCodecopy(ctx: *InstructionContext) void {
         return;
     };
 
-    // Dynamic: copy cost
-    const num_words = (size_usize + 31) / 32;
+    // Dynamic: copy cost — use divCeil to avoid (size + 31) overflow when size = maxInt(usize)
+    const num_words = std.math.divCeil(usize, size_usize, 32) catch unreachable;
     const copy_cost: u64 = gas_costs.G_COPY * @as(u64, @intCast(num_words));
     if (!ctx.interpreter.gas.spend(copy_cost)) {
         ctx.interpreter.halt(.out_of_gas);
@@ -303,8 +303,8 @@ pub fn opReturndatacopy(ctx: *InstructionContext) void {
         return;
     };
 
-    // Dynamic: copy cost
-    const num_words = (size_usize + 31) / 32;
+    // Dynamic: copy cost — use divCeil to avoid (size + 31) overflow when size = maxInt(usize)
+    const num_words = std.math.divCeil(usize, size_usize, 32) catch unreachable;
     const copy_cost: u64 = gas_costs.G_COPY * @as(u64, @intCast(num_words));
     if (!ctx.interpreter.gas.spend(copy_cost)) {
         ctx.interpreter.halt(.out_of_gas);

src/interpreter/opcodes/host_ops.zig

@@ -159,7 +159,7 @@ pub fn opExtcodecopy(ctx: *InstructionContext) void {
         }
         const mem_off_u: usize = @intCast(mem_off);
         const size_u: usize = @intCast(size);
-        const num_words = (size_u + 31) / 32;
+        const num_words = std.math.divCeil(usize, size_u, 32) catch unreachable;
         if (!ctx.interpreter.gas.spend(gas_costs.G_COPY * @as(u64, @intCast(num_words)))) {
             ctx.interpreter.halt(.out_of_gas);
             return;
@@ -199,8 +199,8 @@ pub fn opExtcodecopy(ctx: *InstructionContext) void {
         return;
     };
 
-    // Dynamic: copy cost
-    const num_words = (size_u + 31) / 32;
+    // Dynamic: copy cost — use divCeil to avoid (size + 31) overflow when size = maxInt(usize)
+    const num_words = std.math.divCeil(usize, size_u, 32) catch unreachable;
     if (!ctx.interpreter.gas.spend(gas_costs.G_COPY * @as(u64, @intCast(num_words)))) {
         ctx.interpreter.halt(.out_of_gas);
         return;
@@ -489,9 +489,18 @@ pub fn makeLogFn(comptime n: u8) *const fn (ctx: *InstructionContext) void {
             const offset_u: usize = if (size_u == 0) 0 else @intCast(offset);
 
             // Dynamic: data cost + topic cost
-            const data_cost: u64 = gas_costs.G_LOGDATA * @as(u64, @intCast(size_u));
+            // Use checked arithmetic: size_u can be maxInt(usize) on 64-bit systems,
+            // making G_LOGDATA * size_u overflow a u64.
+            const data_cost: u64 = std.math.mul(u64, gas_costs.G_LOGDATA, @as(u64, @intCast(size_u))) catch {
+                ctx.interpreter.halt(.out_of_gas);
+                return;
+            };
             const topic_cost: u64 = gas_costs.G_LOGTOPIC * @as(u64, n);
-            if (!ctx.interpreter.gas.spend(data_cost + topic_cost)) {
+            const log_gas = std.math.add(u64, data_cost, topic_cost) catch {
+                ctx.interpreter.halt(.out_of_gas);
+                return;
+            };
+            if (!ctx.interpreter.gas.spend(log_gas)) {
                 ctx.interpreter.halt(.out_of_gas);
                 return;
             }

src/interpreter/opcodes/memory.zig

@@ -112,7 +112,9 @@ pub fn opMstore8(ctx: *InstructionContext) void {
     const value = stack.peekUnsafe(1);
     stack.shrinkUnsafe(2);
 
-    if (offset > std.math.maxInt(usize)) {
+    // Guard must use >= maxInt(usize) so that offset = maxInt(usize) doesn't slip through
+    // and cause offset_usize + 1 to overflow in ReleaseSafe mode.
+    if (offset >= std.math.maxInt(usize)) {
         ctx.interpreter.halt(.memory_limit_oog);
         return;
     }

src/spec_test/main.zig

@@ -88,24 +88,11 @@ pub fn main() !void {
         const root = parsed.value;
         if (root != .object) continue;
 
-        // If any top-level key contains "fork_Osaka", skip matching "fork_Prague" entries
-        var has_osaka = false;
-        {
-            var it = root.object.iterator();
-            while (it.next()) |kv| {
-                if (std.mem.indexOf(u8, kv.key_ptr.*, "fork_Osaka") != null) {
-                    has_osaka = true;
-                    break;
-                }
-            }
-        }
-
         var test_iter = root.object.iterator();
         while (test_iter.next()) |test_entry| {
             const test_name = test_entry.key_ptr.*;
             const test_obj = test_entry.value_ptr.*;
             if (test_obj != .object) continue;
-            if (has_osaka and std.mem.indexOf(u8, test_name, "fork_Prague") != null) continue;
 
             var cases: std.ArrayList(types.TestCase) = .{};
             parseTestCases(a, test_name, &test_obj.object, &cases) catch |err| {