From 5e0308a1b920291b8aaa0de96f2528901e2ba3b5 Mon Sep 17 00:00:00 2001 From: Shargon Date: Wed, 26 Jun 2019 14:11:15 +0200 Subject: [PATCH 1/3] Deserialize limit --- neo/SmartContract/Helper.cs | 10 +++++----- neo/SmartContract/InteropService.cs | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/neo/SmartContract/Helper.cs b/neo/SmartContract/Helper.cs index f40dad212e..bddf741a24 100644 --- a/neo/SmartContract/Helper.cs +++ b/neo/SmartContract/Helper.cs @@ -17,16 +17,16 @@ namespace Neo.SmartContract { public static class Helper { - public static StackItem DeserializeStackItem(this byte[] data, uint maxArraySize) + public static StackItem DeserializeStackItem(this byte[] data, uint maxArraySize, uint maxItemSize = 1024 * 1024) { using (MemoryStream ms = new MemoryStream(data, false)) using (BinaryReader reader = new BinaryReader(ms)) { - return DeserializeStackItem(reader, maxArraySize); + return DeserializeStackItem(reader, maxArraySize, maxItemSize); } } - private static StackItem DeserializeStackItem(BinaryReader reader, uint maxArraySize) + private static StackItem DeserializeStackItem(BinaryReader reader, uint maxArraySize, uint maxItemSize = 1024 * 1024) { Stack deserialized = new Stack(); int undeserialized = 1; @@ -36,13 +36,13 @@ private static StackItem DeserializeStackItem(BinaryReader reader, uint maxArray switch (type) { case StackItemType.ByteArray: - deserialized.Push(new ByteArray(reader.ReadVarBytes())); + deserialized.Push(new ByteArray(reader.ReadVarBytes((int)maxItemSize))); break; case StackItemType.Boolean: deserialized.Push(new VMBoolean(reader.ReadBoolean())); break; case StackItemType.Integer: - deserialized.Push(new Integer(new BigInteger(reader.ReadVarBytes()))); + deserialized.Push(new Integer(new BigInteger(reader.ReadVarBytes((int)maxItemSize)))); break; case StackItemType.Array: case StackItemType.Struct: diff --git a/neo/SmartContract/InteropService.cs b/neo/SmartContract/InteropService.cs index 2574bd3753..77a17369fa 100644 --- a/neo/SmartContract/InteropService.cs +++ b/neo/SmartContract/InteropService.cs @@ -230,7 +230,7 @@ private static bool Runtime_Deserialize(ApplicationEngine engine) StackItem item; try { - item = engine.CurrentContext.EvaluationStack.Pop().GetByteArray().DeserializeStackItem(engine.MaxArraySize); + item = engine.CurrentContext.EvaluationStack.Pop().GetByteArray().DeserializeStackItem(engine.MaxArraySize, engine.MaxItemSize); } catch (FormatException) { From 108fc2d27f21a2ec764fa4a18406d7450813621f Mon Sep 17 00:00:00 2001 From: erikzhang Date: Wed, 26 Jun 2019 21:57:47 +0800 Subject: [PATCH 2/3] Delete optional parameters --- neo.UnitTests/UT_NeoToken.cs | 2 +- neo/SmartContract/Helper.cs | 4 ++-- neo/SmartContract/Native/Tokens/Nep5AccountState.cs | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/neo.UnitTests/UT_NeoToken.cs b/neo.UnitTests/UT_NeoToken.cs index 02f63c086e..8ef2314c23 100644 --- a/neo.UnitTests/UT_NeoToken.cs +++ b/neo.UnitTests/UT_NeoToken.cs @@ -344,7 +344,7 @@ internal static void CheckValidator(ECPoint eCPoint, DataCache.Trackable trackable, BigInteger balance, BigInteger height, ECPoint[] votes) { - var st = (VM.Types.Struct)trackable.Item.Value.DeserializeStackItem(3); + var st = (VM.Types.Struct)trackable.Item.Value.DeserializeStackItem(3, 32); st.Count.Should().Be(3); st.Select(u => u.GetType()).ToArray().Should().BeEquivalentTo(new Type[] { typeof(VM.Types.Integer), typeof(VM.Types.Integer), typeof(VM.Types.ByteArray) }); // Balance diff --git a/neo/SmartContract/Helper.cs b/neo/SmartContract/Helper.cs index bddf741a24..c41056966a 100644 --- a/neo/SmartContract/Helper.cs +++ b/neo/SmartContract/Helper.cs @@ -17,7 +17,7 @@ namespace Neo.SmartContract { public static class Helper { - public static StackItem DeserializeStackItem(this byte[] data, uint maxArraySize, uint maxItemSize = 1024 * 1024) + public static StackItem DeserializeStackItem(this byte[] data, uint maxArraySize, uint maxItemSize) { using (MemoryStream ms = new MemoryStream(data, false)) using (BinaryReader reader = new BinaryReader(ms)) @@ -26,7 +26,7 @@ public static StackItem DeserializeStackItem(this byte[] data, uint maxArraySize } } - private static StackItem DeserializeStackItem(BinaryReader reader, uint maxArraySize, uint maxItemSize = 1024 * 1024) + private static StackItem DeserializeStackItem(BinaryReader reader, uint maxArraySize, uint maxItemSize) { Stack deserialized = new Stack(); int undeserialized = 1; diff --git a/neo/SmartContract/Native/Tokens/Nep5AccountState.cs b/neo/SmartContract/Native/Tokens/Nep5AccountState.cs index 249569ebfb..2cc19f4619 100644 --- a/neo/SmartContract/Native/Tokens/Nep5AccountState.cs +++ b/neo/SmartContract/Native/Tokens/Nep5AccountState.cs @@ -19,7 +19,7 @@ public Nep5AccountState(byte[] data) public void FromByteArray(byte[] data) { - FromStruct((Struct)data.DeserializeStackItem(16)); + FromStruct((Struct)data.DeserializeStackItem(16, 32)); } protected virtual void FromStruct(Struct @struct) From a99c968b82f2940d4dd3c40920b54ee5df40bd9c Mon Sep 17 00:00:00 2001 From: erikzhang Date: Wed, 26 Jun 2019 22:01:48 +0800 Subject: [PATCH 3/3] Use `ExecutionEngine.MaxSizeForBigInteger` --- neo/SmartContract/Helper.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/neo/SmartContract/Helper.cs b/neo/SmartContract/Helper.cs index c41056966a..259e997b09 100644 --- a/neo/SmartContract/Helper.cs +++ b/neo/SmartContract/Helper.cs @@ -42,7 +42,7 @@ private static StackItem DeserializeStackItem(BinaryReader reader, uint maxArray deserialized.Push(new VMBoolean(reader.ReadBoolean())); break; case StackItemType.Integer: - deserialized.Push(new Integer(new BigInteger(reader.ReadVarBytes((int)maxItemSize)))); + deserialized.Push(new Integer(new BigInteger(reader.ReadVarBytes(ExecutionEngine.MaxSizeForBigInteger)))); break; case StackItemType.Array: case StackItemType.Struct: