From 371e078feb5a891b856842e7bb791de20a1050db Mon Sep 17 00:00:00 2001
From: Krisztian Kovacs
Date: Thu, 9 Jan 2025 15:55:39 +0100
Subject: [PATCH 1/2] fix(p2p,rpc): limit Cairo 0 class definition size

Make sure the uncompressed size of Cairo 0 class definitions does not exceed our limit of 4 MiB.

Closes #2471
---
 crates/common/src/class_definition.rs | 2 ++
 crates/p2p/src/client/conv.rs | 4 ++--
 crates/rpc/src/types/class.rs | 3 ++-
 3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/crates/common/src/class_definition.rs b/crates/common/src/class_definition.rs
index e6e8c35b29..665c5466ea 100644
--- a/crates/common/src/class_definition.rs
+++ b/crates/common/src/class_definition.rs
@@ -10,6 +10,8 @@ use serde_with::serde_as;
 use crate::{ByteCodeOffset, EntryPoint};
+pub const CLASS_DEFINITION_MAX_ALLOWED_SIZE: u64 = 4 * 1024 * 1024;
+
 #[derive(Debug, Deserialize, Dummy)]
 pub enum ClassDefinition<'a> {
 Sierra(Sierra<'a>),
diff --git a/crates/p2p/src/client/conv.rs b/crates/p2p/src/client/conv.rs
index 43f104915a..1e439cd77b 100644
--- a/crates/p2p/src/client/conv.rs
+++ b/crates/p2p/src/client/conv.rs
@@ -909,10 +909,10 @@ impl TryFromDto for CairoDefinition {
 let abi = dto.abi;
 let compressed_program = base64::decode(dto.program)?;
- let mut gzip_decoder =
- flate2::read::GzDecoder::new(std::io::Cursor::new(compressed_program));
+ let gzip_decoder = flate2::read::GzDecoder::new(std::io::Cursor::new(compressed_program));
 let mut program = Vec::new();
 gzip_decoder
+ .take(pathfinder_common::class_definition::CLASS_DEFINITION_MAX_ALLOWED_SIZE)
 .read_to_end(&mut program)
 .context("Decompressing program JSON")?;
diff --git a/crates/rpc/src/types/class.rs b/crates/rpc/src/types/class.rs
index ef2efa3849..74a72226a0 100644
--- a/crates/rpc/src/types/class.rs
+++ b/crates/rpc/src/types/class.rs
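Review bot: `CLASS_DEFINITION_MAX_ALLOWED_SIZE` in crates/common/src/class_definition.rs is a public limit with no doc comment, and its name says neither the unit nor which size it bounds. Going by the commit message and the two call sites, I would add `/// Maximum uncompressed size, in bytes, of a Cairo 0 class definition's program (4 MiB); bounds gzip decompression.` above it. If the cap is also meant for Sierra definitions, as the generic name suggests, the comment is the place to say so.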
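Review bot: The `.take(...)` added before `read_to_end` in crates/p2p/src/client/conv.rs bounds memory but truncates an oversized program silently instead of rejecting it. `read_to_end` still returns `Ok`, and the cut-off bytes go on to whatever consumes `program` next (not visible in the hunk), so a decompression bomb from a peer surfaces at best as a misleading parse error. A program of exactly 4 MiB is also indistinguishable from a truncated one. Reading one byte past the limit and failing explicitly fixes both, assuming the function returns an `anyhow` error as the `.context` call suggests. The `decompressor` chain in crates/rpc/src/types/class.rs has the same defect, and the enclosing function continues outside the hunk.

```rust
// … unchanged: base64 decode and GzDecoder construction …
let mut program = Vec::new();
let limit = pathfinder_common::class_definition::CLASS_DEFINITION_MAX_ALLOWED_SIZE;
gzip_decoder
    // Read one byte past the limit so an oversized stream is detectable.
    .take(limit + 1)
    .read_to_end(&mut program)
    .context("Decompressing program JSON")?;
anyhow::ensure!(
    program.len() as u64 <= limit,
    "Decompressed program exceeds the {limit} byte limit"
);
```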
@@ -223,10 +223,11 @@ impl CairoContractClass {
 pub fn serialize_to_json(&self) -> anyhow::Result> {
 // decode program
- let mut decompressor =
+ let decompressor =
 flate2::read::GzDecoder::new(Cursor::new(base64::decode(&self.program).unwrap()));
 let mut program = Vec::new();
 decompressor
+ .take(pathfinder_common::class_definition::CLASS_DEFINITION_MAX_ALLOWED_SIZE)
 .read_to_end(&mut program)
 .context("Decompressing program")?;
From 56641bc5ce70f91ce1c1db00cfbf210c957b5b3a Mon Sep 17 00:00:00 2001
From: Krisztian Kovacs
Date: Thu, 9 Jan 2025 15:58:12 +0100
Subject: [PATCH 2/2] chore: update CHANGELOG
---
 CHANGELOG.md | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 845cbbfba7..46e36d58d0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,12 @@ More expansive patch notes and explanations may be found in the specific [pathfi
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## Unreleased
+
+### Changed
+
+- Cairo 0 class definition size is now capped at 4 MiB.
+
 ## [0.15.2] - 2024-12-04
 ### Fixed
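Review bot: `base64::decode(&self.program).unwrap()` on the context line of the crates/rpc/src/types/class.rs hunk panics on malformed base64, even though the size cap added just below treats the same `program` field as potentially hostile. `serialize_to_json` already returns an `anyhow::Result`, so the error can be propagated: `let compressed = base64::decode(&self.program).context("Decoding program base64")?;` followed by `flate2::read::GzDecoder::new(Cursor::new(compressed))`. If `program` can arrive in an RPC request (not visible here), the panic is reachable by a remote caller. The function body continues past the end of the hunk.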