Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: decrement types.Dec max length to keep decimal bits in DecimalPrecisionBits (backport #11772) #11805

Merged
merged 3 commits into from
Apr 27, 2022

Commits on Apr 27, 2022

  1. fix: decrement types.Dec max length to keep decimal bits in DecimalPr…

    …ecisionBits (#11772)
    
    ## Description
    
    Closes: #11732
    
    As found by OSS-Fuzz, large numbers may overflow the current maxDecBitLen because
    it assumes that DecimalPrecisionBits (60) can always be represented by Precision (18)
    base-10 digits. Since 2^60 is larger than 2^18, this assumption is false.
    
    This change fixes #11732 by only allowing 59 bits of precision on top of the 256
    maxBitLen allowed for the integer part.
    
    ---
    
    ### Author Checklist
    
    *All items are required. Please add a note to the item if the item is not applicable and
    please add links to any relevant follow up issues.*
    
    I have...
    
    - [x] included the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title
    - [x] added `!` to the type prefix if API or client breaking change
    - [x] targeted the correct branch (see [PR Targeting](https://github.com/cosmos/cosmos-sdk/blob/main/CONTRIBUTING.md#pr-targeting))
    - [x] provided a link to the relevant issue or specification
    - [ ] followed the guidelines for [building modules](https://github.com/cosmos/cosmos-sdk/blob/main/docs/building-modules)
    - [x] included the necessary unit and integration [tests](https://github.com/cosmos/cosmos-sdk/blob/main/CONTRIBUTING.md#testing)
    - [ ] added a changelog entry to `CHANGELOG.md`
    - [ ] included comments for [documenting Go code](https://blog.golang.org/godoc)
    - [x] updated the relevant documentation or specification
    - [x] reviewed "Files changed" and left comments if necessary
    - [ ] confirmed all CI checks have passed
    
    ### Reviewers Checklist
    
    *All items are required. Please add a note if the item is not applicable and please add
    your handle next to the items reviewed if you only reviewed selected items.*
    
    I have...
    
    - [ ] confirmed the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title
    - [ ] confirmed `!` in the type prefix if API or client breaking change
    - [ ] confirmed all author checklist items have been addressed
    - [ ] reviewed state machine logic
    - [ ] reviewed API design and naming
    - [ ] reviewed documentation is accurate
    - [ ] reviewed tests and test coverage
    - [ ] manually tested (if applicable)
    
    (cherry picked from commit f9913c1)
    
    # Conflicts:
    #	CHANGELOG.md
    elias-orijtech authored and mergify[bot] committed Apr 27, 2022
    Configuration menu
    Copy the full SHA
    9b05b53 View commit details
    Browse the repository at this point in the history
  2. updates

    alexanderbez committed Apr 27, 2022
    Configuration menu
    Copy the full SHA
    b574fd5 View commit details
    Browse the repository at this point in the history
  3. updates

    alexanderbez committed Apr 27, 2022
    Configuration menu
    Copy the full SHA
    51d783d View commit details
    Browse the repository at this point in the history