fix: decrement types.Dec max length to keep decimal bits in DecimalPr…
…ecisionBits

As found by OSS-Fuzz, large numbers may overflow the current maxDecBitLen because
it assumes that DecimalPrecisionBits (60) can always be represented by Precision (18)
base-10 digits. Since 2^60 is larger than 2^18, this assumption is false.

This change fixes cosmos#11732 by only allowing 59 bits of precision on top of the 256
maxBitLen allowed for the integer part.
elias-orijtech committed Apr 27, 2022
1 parent 019444a commit 7b66546
Showing 4 changed files with 33 additions and 15 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
@@ -213,6 +213,7 @@ Ref: https://keepachangelog.com/en/1.0.0/

### Bug Fixes

* [\#11772](https://github.com/cosmos/cosmos-sdk/pull/11772) Limit types.Dec length to avoid overflow
* [\#11724](https://github.com/cosmos/cosmos-sdk/pull/11724) Fix data race issues with api.Server
* [\#11693](https://github.com/cosmos/cosmos-sdk/pull/11693) Add validation for gentx cmd.
* [\#11645](https://github.com/cosmos/cosmos-sdk/pull/11645) Fix `--home` flag ignored when running help.
1 change: 1 addition & 0 deletions types/coin_test.go
@@ -801,6 +801,7 @@ func (s *coinTestSuite) TestParseCoins() {
{"10atom10", true, sdk.Coins{{"atom10", sdk.NewInt(10)}}},
{"200transfer/channelToA/uatom", true, sdk.Coins{{"transfer/channelToA/uatom", sdk.NewInt(200)}}},
{"50ibc/7F1D3FCF4AE79E1554D670D1AD949A9BA4E4A3C76C63093E17E446A46061A7A2", true, sdk.Coins{{"ibc/7F1D3FCF4AE79E1554D670D1AD949A9BA4E4A3C76C63093E17E446A46061A7A2", sdk.NewInt(50)}}},
{"120000000000000000000000000000000000000000000000000000000000000000000000000000btc", false, nil},
}

for tcIndex, tc := range cases {
11 changes: 8 additions & 3 deletions types/decimal.go
@@ -22,11 +22,16 @@ const (
// number of decimal places
Precision = 18

// bytes required to represent the above precision
// Ceiling[Log2[999 999 999 999 999 999]]
// bits required to represent the above precision
// Ceiling[Log2[10^Precision - 1]]
DecimalPrecisionBits = 60

maxDecBitLen = maxBitLen + DecimalPrecisionBits
// decimalTruncateBits is the minimum number of bits removed
// by a truncate operation. It is equal to
// Floor[Log2[10^Precision - 1]].
decimalTruncateBits = DecimalPrecisionBits - 1

maxDecBitLen = maxBitLen + decimalTruncateBits

// max number of iterations in ApproxRoot function
maxApproxRootIterations = 100
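Review bot: `maxDecBitLen` is the bound that actually prevents the overflow, yet it is the one constant in this section left without a comment, and both `DecimalPrecisionBits = 60` and the `- 1` are still maintained by hand against `Precision = 18`. I would state the invariant on it, for example `// maxDecBitLen is the largest accepted bit length for which a truncate (which removes at least decimalTruncateBits bits) always leaves at most maxBitLen bits`, because 10^18 lies between 2^59 and 2^60 and only the floor is safe to add. A later change to `Precision` would silently invalidate both derived values, so a note that they must be recomputed together, or a unit test that recomputes them with math/big, would guard against reintroducing the overflow. The const block starts before and continues after the visible lines.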
35 changes: 23 additions & 12 deletions types/decimal_test.go
@@ -5,6 +5,7 @@ import (
"encoding/json"
"fmt"
"math/big"
"strings"
"testing"

"github.com/stretchr/testify/require"
@@ -57,10 +58,10 @@ func (s *decimalTestSuite) TestNewDecFromStr() {
largeBigInt, ok := new(big.Int).SetString("3144605511029693144278234343371835", 10)
s.Require().True(ok)

largerBigInt, ok := new(big.Int).SetString("88888888888888888888888888888888888888888888888888888888888888888888844444440", 10)
largerBigInt, ok := new(big.Int).SetString("8888888888888888888888888888888888888888888888888888888888888888888844444440", 10)
s.Require().True(ok)

largestBigInt, ok := new(big.Int).SetString("133499189745056880149688856635597007162669032647290798121690100488888732861290034376435130433535", 10)
largestBigInt, ok := new(big.Int).SetString("33499189745056880149688856635597007162669032647290798121690100488888732861290034376435130433535", 10)
s.Require().True(ok)

tests := []struct {
@@ -87,8 +88,8 @@ func (s *decimalTestSuite) TestNewDecFromStr() {
{"foobar", true, sdk.Dec{}},
{"0.foobar", true, sdk.Dec{}},
{"0.foobar.", true, sdk.Dec{}},
{"88888888888888888888888888888888888888888888888888888888888888888888844444440", false, sdk.NewDecFromBigInt(largerBigInt)},
{"133499189745056880149688856635597007162669032647290798121690100488888732861290.034376435130433535", false, sdk.NewDecFromBigIntWithPrec(largestBigInt, 18)},
{"8888888888888888888888888888888888888888888888888888888888888888888844444440", false, sdk.NewDecFromBigInt(largerBigInt)},
{"33499189745056880149688856635597007162669032647290798121690100488888732861290.034376435130433535", false, sdk.NewDecFromBigIntWithPrec(largestBigInt, 18)},
{"133499189745056880149688856635597007162669032647290798121690100488888732861291", true, sdk.Dec{}},
}

@@ -480,10 +481,14 @@ func (s *decimalTestSuite) TestDecSortableBytes() {
}

func (s *decimalTestSuite) TestDecEncoding() {
largestBigInt, ok := new(big.Int).SetString("133499189745056880149688856635597007162669032647290798121690100488888732861290034376435130433535", 10)
largestBigInt, ok := new(big.Int).SetString("33499189745056880149688856635597007162669032647290798121690100488888732861290034376435130433535", 10)
s.Require().True(ok)

smallestBigInt, ok := new(big.Int).SetString("-133499189745056880149688856635597007162669032647290798121690100488888732861290034376435130433535", 10)
smallestBigInt, ok := new(big.Int).SetString("-33499189745056880149688856635597007162669032647290798121690100488888732861290034376435130433535", 10)
s.Require().True(ok)

const maxDecBitLen = 315
maxInt, ok := new(big.Int).SetString(strings.Repeat("1", maxDecBitLen), 2)
s.Require().True(ok)

testCases := []struct {
@@ -523,15 +528,21 @@ func (s *decimalTestSuite) TestDecEncoding() {
},
{
sdk.NewDecFromBigIntWithPrec(largestBigInt, 18),
"313333343939313839373435303536383830313439363838383536363335353937303037313632363639303332363437323930373938313231363930313030343838383838373332383631323930303334333736343335313330343333353335",
"\"133499189745056880149688856635597007162669032647290798121690100488888732861290.034376435130433535\"",
"\"133499189745056880149688856635597007162669032647290798121690100488888732861290.034376435130433535\"\n",
"3333343939313839373435303536383830313439363838383536363335353937303037313632363639303332363437323930373938313231363930313030343838383838373332383631323930303334333736343335313330343333353335",
"\"33499189745056880149688856635597007162669032647290798121690100488888732861290.034376435130433535\"",
"\"33499189745056880149688856635597007162669032647290798121690100488888732861290.034376435130433535\"\n",
},
{
sdk.NewDecFromBigIntWithPrec(smallestBigInt, 18),
"2D313333343939313839373435303536383830313439363838383536363335353937303037313632363639303332363437323930373938313231363930313030343838383838373332383631323930303334333736343335313330343333353335",
"\"-133499189745056880149688856635597007162669032647290798121690100488888732861290.034376435130433535\"",
"\"-133499189745056880149688856635597007162669032647290798121690100488888732861290.034376435130433535\"\n",
"2D3333343939313839373435303536383830313439363838383536363335353937303037313632363639303332363437323930373938313231363930313030343838383838373332383631323930303334333736343335313330343333353335",
"\"-33499189745056880149688856635597007162669032647290798121690100488888732861290.034376435130433535\"",
"\"-33499189745056880149688856635597007162669032647290798121690100488888732861290.034376435130433535\"\n",
},
{
sdk.NewDecFromBigIntWithPrec(maxInt, 18),
"3636373439353934383732353238343430303734383434343238333137373938353033353831333334353136333233363435333939303630383435303530323434343434333636343330363435303137313838323137353635323136373637",
"\"66749594872528440074844428317798503581334516323645399060845050244444366430645.017188217565216767\"",
"\"66749594872528440074844428317798503581334516323645399060845050244444366430645.017188217565216767\"\n",
},
}

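Review bot: No case in this section pins rejection just past the new limit: in TestNewDecFromStr the only oversized input left is the unchanged `1334…861291` string, which sits next to the old maximum, and TestDecEncoding adds only the accepted 315-bit `maxInt`. A value one above `maxInt`, e.g. `{"66749594872528440074844428317798503581334516323645399060845050244444366430645.017188217565216768", true, sdk.Dec{}},` (derived here as maxInt + 1, and assuming NewDecFromStr rejects on bit length), would fail if the bound regressed to 316 bits. The local `const maxDecBitLen = 315` also duplicates the package constant by hand, so a comment such as `// must equal maxBitLen + decimalTruncateBits in decimal.go` would keep the two from drifting apart. Both test functions continue outside the visible hunks.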
