Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(gnovm): protect TypedValue stringer against deep recursivity #3790

Merged
merged 3 commits into from
Feb 21, 2025
Merged

fix(gnovm): protect TypedValue stringer against deep recursivity #3790

merged 3 commits into from
Feb 21, 2025

Conversation

mvertes
Copy link
Contributor

@mvertes mvertes commented Feb 19, 2025

The protectedStringer is improved by limiting the successive number of nested calls when constructing the string representation of a deeply recursive value.

Fixes #3471.

@mvertes
fix(gnovm): protect TypedValue stringer against deep recursivity
d923b1b 
The protectedStringer is improved by limiting the successive number of
nested calls when constructing the string representation of a deeply
recursive value.

Fixes #3471.
@github-actions github-actions bot added the 📦 🤖 gnovm Issues or PRs gnovm related label Feb 19, 2025
@Gno2D2
Copy link
Collaborator

Gno2D2 commented Feb 19, 2025
edited
Loading

🛠 PR Checks Summary

All Automated Checks passed. ✅

Manual Checks (for Reviewers):
  • IGNORE the bot requirements for this PR (force green CI check)
Read More

🤖 This bot helps streamline PR reviews by verifying automated checks and providing guidance for contributors and reviewers.

✅ Automated Checks (for Contributors):

No automated checks match this pull request.

☑️ Contributor Actions:
  1. Fix any issues flagged by automated checks.
  2. Follow the Contributor Checklist to ensure your PR is ready for review.
    • Add new tests, or document why they are unnecessary.
    • Provide clear examples/screenshots, if necessary.
    • Update documentation, if required.
    • Ensure no breaking changes, or include BREAKING CHANGE notes.
    • Link related issues/PRs, where applicable.
☑️ Reviewer Actions:
  1. Complete manual checks for the PR, including the guidelines and additional checks if applicable.
📚 Resources:
Debug
Manual Checks
**IGNORE** the bot requirements for this PR (force green CI check)

If

🟢 Condition met
└── 🟢 On every pull request

Can be checked by

  • Any user with comment edit permission

@codecov Codecov
Copy link

codecov bot commented Feb 19, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

📢 Thoughts on this report? Let us know!

@thehowl
Copy link
Member

thehowl commented Feb 19, 2025

Does this fail to create problems on-chain?

@thehowl thehowl requested a review from ltzmaxwell February 19, 2025 16:43
@mvertes
Copy link
Contributor Author

mvertes commented Feb 20, 2025
edited
Loading

Does this fail to create problems on-chain?

This change will at least prevent high computing cost issues when calling Render() on too much recursive data. It doesn't forbid such data to be created.

It doesn't address possible high computing costs when marshalling/unmarshalling such kind of data, if it has to be persisted on chain.

A possible solution to that could be to apply the same recursivity detection strategy at Marshall to fail persistence if necessary.

@Kouteki Kouteki added this to the 🚀 Mainnet beta launch milestone Feb 21, 2025
ltzmaxwell
ltzmaxwell approved these changes Feb 21, 2025
View reviewed changes
Copy link
Contributor

@ltzmaxwell ltzmaxwell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure if it completely addressed #3471, but this fix LGTM.

@ltzmaxwell ltzmaxwell merged commit 85b3c0b into master Feb 21, 2025
65 checks passed
@ltzmaxwell ltzmaxwell deleted the gno-fix-3471 branch February 21, 2025 16:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thehowl thehowl thehowl approved these changes

@ltzmaxwell ltzmaxwell ltzmaxwell approved these changes

@petar-dambovaliev petar-dambovaliev Awaiting requested review from petar-dambovaliev

Assignees

@mvertes mvertes

Labels
📦 🤖 gnovm Issues or PRs gnovm related
Projects
🧙‍♂️gno.land core team
Status: Done
Milestone
🚀 Mainnet beta launch
Development

Successfully merging this pull request may close these issues.

Denial of service when creating deeply nested structure
5 participants
@mvertes @Gno2D2 @thehowl @ltzmaxwell @Kouteki