types: make NewDecFromStr returns error for too large decimal (#9157)

Otherwise, NewDecFromStr may accept very large input, causing Dec methods panic, e.g Dec.TruncateInt Found by oss-fuzz: https://oss-fuzz.com/testcase-detail/6454129938530304 Fixes #9160
2021-04-22 17:21:27 +07:00 · 2021-04-22 17:21:27 +07:00 · e28271b8e6
parent 1a15412b92
commit e28271b8e6
2 changed files with 5 additions and 1 deletions
--- a/types/decimal.go
+++ b/types/decimal.go
@ -177,6 +177,9 @@ func NewDecFromStr(str string) (Dec, error) {
 	if !ok {
 		return Dec{}, fmt.Errorf("failed to set decimal string: %s", combinedStr)
 	}
+	if combined.BitLen() > maxBitLen {
+		return Dec{}, fmt.Errorf("decimal out of range; bitLen: got %d, max %d", combined.BitLen(), maxBitLen)
+	}
 	if neg {
 		combined = new(big.Int).Neg(combined)
 	}
--- a/types/decimal_test.go
+++ b/types/decimal_test.go
@ -8,7 +8,7 @@ import (
 	"testing"

 	"github.com/stretchr/testify/suite"
-	yaml "gopkg.in/yaml.v2"
+	"gopkg.in/yaml.v2"

 	sdk "github.com/cosmos/cosmos-sdk/types"
 )
@ -57,6 +57,7 @@ func (s *decimalTestSuite) TestNewDecFromStr() {
 		{"foobar", true, sdk.Dec{}},
 		{"0.foobar", true, sdk.Dec{}},
 		{"0.foobar.", true, sdk.Dec{}},
+		{"88888888888888888888888888888888888888888888888888888888888888888888844444440", true, sdk.Dec{}},
 	}

 	for tcIndex, tc := range tests {