Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: decrement types.Dec max length to keep decimal bits in DecimalPrecisionBits #11772

Merged
merged 4 commits into from
Apr 27, 2022
Merged

fix: decrement types.Dec max length to keep decimal bits in DecimalPrecisionBits #11772

merged 4 commits into from
Apr 27, 2022

Conversation

elias-orijtech
Copy link
Contributor

Description

Closes: #11732

As found by OSS-Fuzz, large numbers may overflow the current maxDecBitLen because
it assumes that DecimalPrecisionBits (60) can always be represented by Precision (18)
base-10 digits. Since 2^60 is larger than 2^18, this assumption is false.

This change fixes #11732 by only allowing 59 bits of precision on top of the 256
maxBitLen allowed for the integer part.

Author Checklist

All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.

I have...

  • included the correct type prefix in the PR title
  • added ! to the type prefix if API or client breaking change
  • targeted the correct branch (see PR Targeting)
  • provided a link to the relevant issue or specification
  • followed the guidelines for building modules
  • included the necessary unit and integration tests
  • added a changelog entry to CHANGELOG.md
  • included comments for documenting Go code
  • updated the relevant documentation or specification
  • reviewed "Files changed" and left comments if necessary
  • confirmed all CI checks have passed

Reviewers Checklist

All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.

I have...

  • confirmed the correct type prefix in the PR title
  • confirmed ! in the type prefix if API or client breaking change
  • confirmed all author checklist items have been addressed
  • reviewed state machine logic
  • reviewed API design and naming
  • reviewed documentation is accurate
  • reviewed tests and test coverage
  • manually tested (if applicable)

@elias-orijtech
Copy link
Contributor Author

CC @odeke-em

odeke-em
odeke-em approved these changes Apr 26, 2022
View reviewed changes
Copy link
Collaborator

@odeke-em odeke-em left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thank you @elias-orijtech!

@alexanderbez
Copy link
Contributor

Do we want this backported to 0.45 and 0.46?

@alexanderbez alexanderbez added backport/0.45.x backport/0.46.x PR scheduled for inclusion in the v0.46's next stable release labels Apr 26, 2022
@alexanderbez
Copy link
Contributor

@elias-orijtech please add a changelog entry under bug fixes, and we'll merge this 🙏

robert-zaremba
robert-zaremba approved these changes Apr 26, 2022
View reviewed changes
Copy link
Collaborator

@robert-zaremba robert-zaremba left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

utACK

@robert-zaremba
Copy link
Collaborator

Do we want this backported to 0.45 and 0.46?

yes, to both

@elias-orijtech
fix: decrement types.Dec max length to keep decimal bits in DecimalPr…
7b66546 
…ecisionBits

As found by OSS-Fuzz, large numbers may overflow the current maxDecBitLen because
it assumes that DecimalPrecisionBits (60) can always be represented by Precision (18)
base-10 digits. Since 2^60 is larger than 2^18, this assumption is false.

This change fixes cosmos#11732 by only allowing 59 bits of precision on top of the 256
maxBitLen allowed for the integer part.
@elias-orijtech
Copy link
Contributor Author

@elias-orijtech please add a changelog entry under bug fixes, and we'll merge this pray

Done.

alexanderbez
alexanderbez approved these changes Apr 27, 2022
View reviewed changes
CHANGELOG.md Outdated Show resolved Hide resolved
@alexanderbez alexanderbez added the A:automerge Automatically merge PR once all prerequisites pass. label Apr 27, 2022
@mergify mergify bot merged commit f9913c1 into cosmos:main Apr 27, 2022
mergify bot pushed a commit that referenced this pull request Apr 27, 2022
@elias-orijtech @mergify
fix: decrement types.Dec max length to keep decimal bits in DecimalPr…
25c796e 
…ecisionBits (#11772)

## Description

Closes: #11732

As found by OSS-Fuzz, large numbers may overflow the current maxDecBitLen because
it assumes that DecimalPrecisionBits (60) can always be represented by Precision (18)
base-10 digits. Since 2^60 is larger than 2^18, this assumption is false.

This change fixes #11732 by only allowing 59 bits of precision on top of the 256
maxBitLen allowed for the integer part.

---

### Author Checklist

*All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.*

I have...

- [x] included the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title
- [x] added `!` to the type prefix if API or client breaking change
- [x] targeted the correct branch (see [PR Targeting](https://github.com/cosmos/cosmos-sdk/blob/main/CONTRIBUTING.md#pr-targeting))
- [x] provided a link to the relevant issue or specification
- [ ] followed the guidelines for [building modules](https://github.com/cosmos/cosmos-sdk/blob/main/docs/building-modules)
- [x] included the necessary unit and integration [tests](https://github.com/cosmos/cosmos-sdk/blob/main/CONTRIBUTING.md#testing)
- [ ] added a changelog entry to `CHANGELOG.md`
- [ ] included comments for [documenting Go code](https://blog.golang.org/godoc)
- [x] updated the relevant documentation or specification
- [x] reviewed "Files changed" and left comments if necessary
- [ ] confirmed all CI checks have passed

### Reviewers Checklist

*All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.*

I have...

- [ ] confirmed the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title
- [ ] confirmed `!` in the type prefix if API or client breaking change
- [ ] confirmed all author checklist items have been addressed
- [ ] reviewed state machine logic
- [ ] reviewed API design and naming
- [ ] reviewed documentation is accurate
- [ ] reviewed tests and test coverage
- [ ] manually tested (if applicable)

(cherry picked from commit f9913c1)

# Conflicts:
#	CHANGELOG.md
@mergify mergify bot mentioned this pull request Apr 27, 2022
Merged
mergify bot pushed a commit that referenced this pull request Apr 27, 2022
@elias-orijtech @mergify
fix: decrement types.Dec max length to keep decimal bits in DecimalPr…
9b05b53 
…ecisionBits (#11772)

## Description

Closes: #11732

As found by OSS-Fuzz, large numbers may overflow the current maxDecBitLen because
it assumes that DecimalPrecisionBits (60) can always be represented by Precision (18)
base-10 digits. Since 2^60 is larger than 2^18, this assumption is false.

This change fixes #11732 by only allowing 59 bits of precision on top of the 256
maxBitLen allowed for the integer part.

---

### Author Checklist

*All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.*

I have...

- [x] included the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title
- [x] added `!` to the type prefix if API or client breaking change
- [x] targeted the correct branch (see [PR Targeting](https://github.com/cosmos/cosmos-sdk/blob/main/CONTRIBUTING.md#pr-targeting))
- [x] provided a link to the relevant issue or specification
- [ ] followed the guidelines for [building modules](https://github.com/cosmos/cosmos-sdk/blob/main/docs/building-modules)
- [x] included the necessary unit and integration [tests](https://github.com/cosmos/cosmos-sdk/blob/main/CONTRIBUTING.md#testing)
- [ ] added a changelog entry to `CHANGELOG.md`
- [ ] included comments for [documenting Go code](https://blog.golang.org/godoc)
- [x] updated the relevant documentation or specification
- [x] reviewed "Files changed" and left comments if necessary
- [ ] confirmed all CI checks have passed

### Reviewers Checklist

*All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.*

I have...

- [ ] confirmed the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title
- [ ] confirmed `!` in the type prefix if API or client breaking change
- [ ] confirmed all author checklist items have been addressed
- [ ] reviewed state machine logic
- [ ] reviewed API design and naming
- [ ] reviewed documentation is accurate
- [ ] reviewed tests and test coverage
- [ ] manually tested (if applicable)

(cherry picked from commit f9913c1)

# Conflicts:
#	CHANGELOG.md
@mergify mergify bot mentioned this pull request Apr 27, 2022
Merged
alexanderbez pushed a commit that referenced this pull request Apr 27, 2022
@mergify
fix: decrement types.Dec max length to keep decimal bits in DecimalPr…
ad4ad43 
…ecisionBits (backport #11772) (#11805)
alexanderbez pushed a commit that referenced this pull request Apr 27, 2022
@mergify
fix: decrement types.Dec max length to keep decimal bits in DecimalPr…
fbbed04 
…ecisionBits (backport #11772) (#11804)
@robert-zaremba robert-zaremba mentioned this pull request Jun 15, 2022
Merged
halibobo1205 added a commit to halibobo1205/java-tron that referenced this pull request Jun 16, 2022
@halibobo1205
fix(dec): fix error.
b1096c3 
   1. cosmos/cosmos-sdk#11332
   2. cosmos/cosmos-sdk#12229
   3. cosmos/cosmos-sdk#11772
@halibobo1205 halibobo1205 mentioned this pull request Jun 17, 2022
Merged
randy75828 pushed a commit to Switcheo/cosmos-sdk that referenced this pull request Aug 10, 2022
@mergify @randy75828
fix: decrement types.Dec max length to keep decimal bits in DecimalPr…
a614734 
…ecisionBits (backport cosmos#11772) (cosmos#11805)
@hallazzang hallazzang mentioned this pull request Oct 17, 2022
Merged
9 tasks
@faddat faddat mentioned this pull request Dec 11, 2023
Draft
19 tasks
JeancarloBarrios pushed a commit to agoric-labs/cosmos-sdk that referenced this pull request Sep 28, 2024
@mergify @JeancarloBarrios
fix: decrement types.Dec max length to keep decimal bits in DecimalPr…
5feae4c 
…ecisionBits (backport cosmos#11772) (cosmos#11805)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alexanderbez alexanderbez alexanderbez approved these changes

@odeke-em odeke-em odeke-em approved these changes

@robert-zaremba robert-zaremba robert-zaremba approved these changes

@aaronc aaronc Awaiting requested review from aaronc

Assignees
No one assigned
Labels
A:automerge Automatically merge PR once all prerequisites pass. backport/0.46.x PR scheduled for inclusion in the v0.46's next stable release
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

types: ParseCoinNormalized may panic for very large values
4 participants
@elias-orijtech @alexanderbez @robert-zaremba @odeke-em