Ensure conversions don't break on too-large arguments

IntersectMBO · Nov 28, 2023 · 19630d5 · 19630d5
1 parent 4e1ef6b
commit 19630d5
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 7 deletions.
diff --git a/plutus-core/plutus-core/src/PlutusCore/Builtin/Convert.hs b/plutus-core/plutus-core/src/PlutusCore/Builtin/Convert.hs
@@ -33,7 +33,7 @@ integerToByteStringWrapper endiannessArg paddingArg input =
     -- We use fromIntegral here, despite advice to the contrary in general when defining builtin
     -- denotations. For why we do this (and why it's both inevitable and not really a concern
     -- anyway), see Note [fromIntegral and padding arguments].
-    case integerToByteString (fromIntegral paddingArg) endianness input of
+    case integerToByteString (fromIntegral (max 0 paddingArg)) endianness input of
       Left err -> case err of
         NegativeInput -> do
           emit "builtinIntegerToByteString: cannot convert negative Integer"

diff --git a/plutus-tx/src/PlutusTx/Builtins/Internal.hs b/plutus-tx/src/PlutusTx/Builtins/Internal.hs
@@ -691,12 +691,18 @@ builtinIntegerToByteString ::
   BuiltinInteger ->
   BuiltinInteger ->
   BuiltinByteString
-builtinIntegerToByteString (BuiltinBool endiannessArg) paddingArg input =
-  case Convert.integerToByteStringWrapper endiannessArg paddingArg input of
-    Emitter f -> case runWriter f of
-      (result, logs) -> traceAll logs $ case result of
-        EvaluationFailure    -> mustBeReplaced "Integer to ByteString conversion errored."
-        EvaluationSuccess bs -> BuiltinByteString bs
+builtinIntegerToByteString (BuiltinBool endiannessArg) paddingArg input
+    -- Until costing for this builtin gets done, we run the risk of blowing up due to excessive
+    -- allocation demands. We thus limit the requested size to at most 10KiB, which should be
+    -- more than enough for anyone. This is designed to be temporary, and should be removed once
+    -- costing has been addressed.
+  | paddingArg > 10240 = mustBeReplaced "Exceeded temporary limit of 10 KiB when converting"
+  | otherwise =
+      case Convert.integerToByteStringWrapper endiannessArg paddingArg input of
+        Emitter f -> case runWriter f of
+          (result, logs) -> traceAll logs $ case result of
+            EvaluationFailure    -> mustBeReplaced "Integer to ByteString conversion errored."
+            EvaluationSuccess bs -> BuiltinByteString bs
 
 {-# NOINLINE builtinByteStringToInteger #-}
 builtinByteStringToInteger ::