From b0cdae46662e790e6f8add0175461eaaff0a8b86 Mon Sep 17 00:00:00 2001
From: Anna Shaleva
Date: Thu, 2 Nov 2023 11:44:05 +0300
Subject: [PATCH] vm: reduce maximum stckitem size

To prevent possible DoS. Port the https://github.com/neo-project/neo-vm/pull/514, close #3170.

Signed-off-by: Anna Shaleva
---
 pkg/vm/stackitem/item.go | 2 +-
 pkg/vm/stackitem/json_test.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg/vm/stackitem/item.go b/pkg/vm/stackitem/item.go
index 9e645589c..6f0f1d02b 100644
--- a/pkg/vm/stackitem/item.go
+++ b/pkg/vm/stackitem/item.go
@@ -21,7 +21,7 @@ const (
 // MaxBigIntegerSizeBits is the maximum size of a BigInt item in bits.
 MaxBigIntegerSizeBits = 32 * 8
 // MaxSize is the maximum item size allowed in the VM.
- MaxSize = 1024 * 1024
+ MaxSize = math.MaxUint16 * 2
 // MaxComparableNumOfItems is the maximum number of items that can be compared for structs.
 MaxComparableNumOfItems = MaxDeserialized
 // MaxClonableNumOfItems is the maximum number of items that can be cloned in structs.
diff --git a/pkg/vm/stackitem/json_test.go b/pkg/vm/stackitem/json_test.go
index aa30318dc..b30a2a9f9 100644
--- a/pkg/vm/stackitem/json_test.go
+++ b/pkg/vm/stackitem/json_test.go
@@ -383,7 +383,7 @@ func TestToJSONWithTypesBadCases(t *testing.T) {
 // until the necessary branch is covered #ididthemath.
 arr := NewArray([]Item{
 NewByteArray(bigBuf[:MaxSize/4*3-70]),
- NewBigInteger(big.NewInt(1234)),
+ NewBigInteger(big.NewInt(123456)),
 })
 _, err := ToJSONWithTypes(arr)
 require.ErrorIs(t, err, errTooBigSize)
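Review bot: The doc comment on `MaxSize` in pkg/vm/stackitem/item.go still reads only "maximum item size allowed in the VM", so the new expression `math.MaxUint16 * 2` leaves the unit, the resulting value and the reason for the limit unstated. I would extend it to something like `// MaxSize is the maximum item size allowed in the VM: math.MaxUint16 * 2 = 131070, lowered from 1024 * 1024 to limit DoS exposure (matches neo-vm).` and name the unit there, presumably bytes. Because this is a package-level constant, the lower limit applies to every execution, including re-execution of blocks accepted under the old limit, so it is worth confirming that no existing chain state depends on items between the two sizes. The `const (` block starts and ends outside the hunk, and the `math` import is not visible here.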
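Review bot: In TestToJSONWithTypesBadCases (pkg/vm/stackitem/json_test.go) the literals `-70` and `123456` are hand-tuned against `MaxSize`, and nothing in the test records the arithmetic, so one of them had to be retuned here only because the constant moved. A short comment above `NewBigInteger(big.NewInt(123456))` would help, for example `// The integer's length is tuned so that the serialized array just exceeds MaxSize; retune when MaxSize changes.` Deriving the byte-array length so that the integer's digit count no longer matters would make the case robust against the next limit change, which matters because this test appears to be what guards the size check. The function body starts and ends outside the hunk, so whether other cases carry the same coupling is not visible here.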