stackitem: limit deserialized arrays/maps

See neo-project/neo#2531, even though they use MaxStackSize there resulting element is not valid unless it has <=MaxArraySize elements.
2021-07-16 12:28:11 +03:00 · 2021-07-16 12:28:11 +03:00 · fbe8bd2d9c
commit fbe8bd2d9c
parent 654c4a6589
3 changed files with 34 additions and 0 deletions
--- a/pkg/vm/stackitem/item.go
+++ b/pkg/vm/stackitem/item.go
@ -63,6 +63,7 @@ var (
 	// value exceeds MaxSize.
 	ErrTooBig = errors.New("too big")
 	errTooBigArray      = fmt.Errorf("%w: array", ErrTooBig)
 	errTooBigComparable = fmt.Errorf("%w: uncomparable", ErrTooBig)
 	errTooBigInteger    = fmt.Errorf("%w: integer", ErrTooBig)
 	errTooBigKey        = fmt.Errorf("%w: map key", ErrTooBig)
--- a/pkg/vm/stackitem/serialization.go
+++ b/pkg/vm/stackitem/serialization.go
@ -210,6 +210,10 @@ func decodeBinary(r *io.BinReader, allowInvalid bool) Item {
 		return NewBigInteger(num)
 	case ArrayT, StructT:
 		size := int(r.ReadVarUint())
 		if size > MaxArraySize {
 			r.Err = errTooBigArray
 			return nil
 		}
 		arr := make([]Item, size)
 		for i := 0; i < size; i++ {
 			arr[i] = decodeBinary(r, allowInvalid)
@ -221,6 +225,10 @@ func decodeBinary(r *io.BinReader, allowInvalid bool) Item {
 		return NewStruct(arr)
 	case MapT:
 		size := int(r.ReadVarUint())
 		if size > MaxArraySize {
 			r.Err = errTooBigArray
 			return nil
 		}
 		m := NewMap()
 		for i := 0; i < size; i++ {
 			key := decodeBinary(r, allowInvalid)
--- a/pkg/vm/stackitem/serialization_test.go
+++ b/pkg/vm/stackitem/serialization_test.go
@ -39,6 +39,7 @@ func testSerialize(t *testing.T, expectedErr error, item Item) {
 func TestSerialize(t *testing.T) {
 	bigByteArray := NewByteArray(make([]byte, MaxSize/2))
 	smallByteArray := NewByteArray(make([]byte, MaxSize/4))
 	zeroByteArray := NewByteArray(make([]byte, 0))
 	testArray := func(t *testing.T, newItem func([]Item) Item) {
 		arr := newItem([]Item{bigByteArray})
 		testSerialize(t, nil, arr)
@ -50,6 +51,18 @@ func TestSerialize(t *testing.T) {
 		arr.Value().([]Item)[0] = arr
 		testSerialize(t, ErrRecursive, arr)
 		items := make([]Item, 0, MaxArraySize)
 		for i := 0; i < MaxArraySize; i++ {
 			items = append(items, zeroByteArray)
 		}
 		testSerialize(t, nil, newItem(items))
 		items = append(items, zeroByteArray)
 		data, err := Serialize(newItem(items))
 		require.NoError(t, err)
 		_, err = Deserialize(data)
 		require.True(t, errors.Is(err, ErrTooBig), err)
 	}
 	t.Run("array", func(t *testing.T) {
 		testArray(t, func(items []Item) Item { return NewArray(items) })
@ -126,6 +139,18 @@ func TestSerialize(t *testing.T) {
 		m.Add(Make(0), NewByteArray(make([]byte, MaxSize-MaxKeySize)))
 		m.Add(NewByteArray(make([]byte, MaxKeySize)), Make(1))
 		testSerialize(t, ErrTooBig, m)
 		m = NewMap()
 		for i := 0; i < MaxArraySize; i++ {
 			m.Add(Make(i), zeroByteArray)
 		}
 		testSerialize(t, nil, m)
 		m.Add(Make(100500), zeroByteArray)
 		data, err := Serialize(m)
 		require.NoError(t, err)
 		_, err = Deserialize(data)
 		require.True(t, errors.Is(err, ErrTooBig), err)
 	})
 }