[Bug/Security] 'capacity overflow' panic during Memory insertion (segment.resize)

[pventuzelo]

'capacity overflow' panic during Memory insertion (segment.resize)

We (@FuzzingLabs) found a 'capacity overflow' panic in cairo-rs v0.1.13 during Memory insertion (segment.resize):

target/release/cairo-rs-run basic.json --layout all

Expected Behavior

It should not crash.

Your Environment

• 8dba86d
• cargo 1.67.0-nightly (ba607b23d 2022-11-22)
• Ubuntu 22.04

Steps to reproduce

Download:

basic.zip

Testing program:

target/release/cairo-rs-run basic.json --layout all

Root cause

thread 'main' panicked at 'capacity overflow', library/alloc/src/raw_vec.rs:518:5

Related code: https://github.com/lambdaclass/cairo-rs/blob/8dba86dbec935fa04a255e2edf3d5d184950fa22/src/vm/vm_memory/memory.rs#L64-L68

Detailed behavior (RUST_BACKTRACE=1)

stack backtrace:
   0: rust_begin_unwind
             at /rustc/90743e7298aca107ddaa0c202a4d3604e29bfeb6/library/std/src/panicking.rs:575:5
   1: core::panicking::panic_fmt
             at /rustc/90743e7298aca107ddaa0c202a4d3604e29bfeb6/library/core/src/panicking.rs:65:14
   2: alloc::raw_vec::capacity_overflow
             at /rustc/90743e7298aca107ddaa0c202a4d3604e29bfeb6/library/alloc/src/raw_vec.rs:518:5
   3: alloc::raw_vec::RawVec<T,A>::reserve::do_reserve_and_handle
   4: alloc::vec::Vec<T,A>::resize
   5: cairo_vm::vm::vm_memory::memory::Memory::insert
   6: cairo_vm::vm::vm_core::VirtualMachine::step
   7: cairo_vm::cairo_run::cairo_run
   8: cairo_rs_run::main

[Oppen]

Hi. Sorry for the delay on this. We had a PR that never got merged due to other concerns and a lack of dimension of the problem. I just last night had the realization of how this could be exploited to bring down the service. I'll have a fix ready shortly that should work better than what we have.