Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: decrement types.Dec max length to keep decimal bits in DecimalPrecisionBits (backport #11772) #11804

Merged
merged 3 commits into from
Apr 27, 2022

Conversation

mergify[bot]
Copy link
Contributor

@mergify mergify bot commented Apr 27, 2022

This is an automatic backport of pull request #11772 done by Mergify.
Cherry-pick of f9913c1 has failed:

On branch mergify/bp/release/v0.46.x/pr-11772
Your branch is up to date with 'origin/release/v0.46.x'.

You are currently cherry-picking commit f9913c139.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Changes to be committed:
	modified:   types/coin_test.go
	modified:   types/decimal.go
	modified:   types/decimal_test.go

Unmerged paths:
  (use "git add <file>..." to mark resolution)
	both modified:   CHANGELOG.md

To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/github/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally


Mergify commands and options

More conditions and actions can be found in the documentation.

You can also trigger Mergify actions by commenting on this pull request:

  • @Mergifyio refresh will re-evaluate the rules
  • @Mergifyio rebase will rebase this PR on its base branch
  • @Mergifyio update will merge the base branch into this PR
  • @Mergifyio backport <destination> will backport this PR on <destination> branch

Additionally, on Mergify dashboard you can:

  • look at your merge queues
  • generate the Mergify configuration with the config editor.

Finally, you can contact us on https://mergify.com

…ecisionBits (#11772)

## Description

Closes: #11732

As found by OSS-Fuzz, large numbers may overflow the current maxDecBitLen because
it assumes that DecimalPrecisionBits (60) can always be represented by Precision (18)
base-10 digits. Since 2^60 is larger than 2^18, this assumption is false.

This change fixes #11732 by only allowing 59 bits of precision on top of the 256
maxBitLen allowed for the integer part.

---

### Author Checklist

*All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.*

I have...

- [x] included the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title
- [x] added `!` to the type prefix if API or client breaking change
- [x] targeted the correct branch (see [PR Targeting](https://github.com/cosmos/cosmos-sdk/blob/main/CONTRIBUTING.md#pr-targeting))
- [x] provided a link to the relevant issue or specification
- [ ] followed the guidelines for [building modules](https://github.com/cosmos/cosmos-sdk/blob/main/docs/building-modules)
- [x] included the necessary unit and integration [tests](https://github.com/cosmos/cosmos-sdk/blob/main/CONTRIBUTING.md#testing)
- [ ] added a changelog entry to `CHANGELOG.md`
- [ ] included comments for [documenting Go code](https://blog.golang.org/godoc)
- [x] updated the relevant documentation or specification
- [x] reviewed "Files changed" and left comments if necessary
- [ ] confirmed all CI checks have passed

### Reviewers Checklist

*All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.*

I have...

- [ ] confirmed the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title
- [ ] confirmed `!` in the type prefix if API or client breaking change
- [ ] confirmed all author checklist items have been addressed
- [ ] reviewed state machine logic
- [ ] reviewed API design and naming
- [ ] reviewed documentation is accurate
- [ ] reviewed tests and test coverage
- [ ] manually tested (if applicable)

(cherry picked from commit f9913c1)

# Conflicts:
#	CHANGELOG.md
@mergify mergify bot requested review from aaronc and alexanderbez as code owners April 27, 2022 16:46
@mergify mergify bot added the conflicts label Apr 27, 2022
@alexanderbez alexanderbez merged commit fbbed04 into release/v0.46.x Apr 27, 2022
@alexanderbez alexanderbez deleted the mergify/bp/release/v0.46.x/pr-11772 branch April 27, 2022 22:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants