From ca6857a8f20f51eaf5b2871d414f02856cec4431 Mon Sep 17 00:00:00 2001
From: ucwong
Date: Thu, 8 Jan 2026 18:35:05 +0800
Subject: [PATCH] core/vm: avoid escape to heap

---
 core/vm/contracts.go | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/core/vm/contracts.go b/core/vm/contracts.go
index e4236f850c..5c8a0c7efb 100644
--- a/core/vm/contracts.go
+++ b/core/vm/contracts.go
@@ -271,11 +271,13 @@ func (c *ecrecover) Run(input []byte) ([]byte, error) {
  if bitutil.TestBytes(input[32:63]) || !crypto.ValidateSignatureValues(v, r, s, false) {
  return nil, nil
  }
- sig := make([]byte, 65)
- copy(sig, input[64:128])
+ // We must make sure not to modify the 'input', so placing the 'v' along with
+ // the signature needs to be done on a new allocation
+ var sig [65]byte
+ copy(sig[:], input[64:128])
  sig[64] = v
  // v needs to be at the end for libsecp256k1
- pubKey, err := crypto.Ecrecover(input[:32], sig)
+ pubKey, err := crypto.Ecrecover(input[:32], sig[:])
  // make sure the public key is a valid one
  if err != nil {
  return nil, nil
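Review bot: The comment added above `var sig [65]byte` says the signature must be placed "on a new allocation", which contradicts a commit whose stated purpose is to avoid a heap allocation. I would reword it to state the invariant that matters: `// 'input' is caller-owned and must not be modified, so r||s is copied into a local buffer and 'v' is appended there.` Whether `sig` actually stays on the stack depends on what `crypto.Ecrecover` does with `sig[:]`, which is not visible in this hunk, so the title's claim is worth confirming with `go build -gcflags=-m` or an allocation benchmark on `Run`. The slices `input[64:128]` and `input[:32]` still presumably rely on length padding done earlier in `Run`, which begins outside the hunk.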