Specify storage limits, enforce when encoding, fix bignum encoding

go.mod

@@ -23,3 +23,5 @@ require (
 	gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect
 	gopkg.in/yaml.v2 v2.2.5 // indirect
 )
+
+replace github.com/fxamacker/cbor/v2 => github.com/turbolent/cbor/v2 v2.2.1-0.20200911003300-cac23af49154

go.sum

@@ -4,8 +4,6 @@ github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/fxamacker/cbor/v2 v2.2.0 h1:6eXqdDDe588rSYAi1HfZKbx6YYQO4mxQ9eC6xYpU/JQ=
-github.com/fxamacker/cbor/v2 v2.2.0/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo=
 github.com/go-test/deep v1.0.5 h1:AKODKU3pDH1RzZzm6YZu77YWtEAq6uh1rLIAQlay2qc=
 github.com/go-test/deep v1.0.5/go.mod h1:QV8Hv/iy04NyLBxAdO9njL0iVPN1S4d/A3NVv1V36o8=
 github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
@@ -41,6 +39,8 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
+github.com/turbolent/cbor/v2 v2.2.1-0.20200911003300-cac23af49154 h1:CSkqhj5tW/xAO4hdGtLsHXJczcpPsWtatCn7Y03scrU=
+github.com/turbolent/cbor/v2 v2.2.1-0.20200911003300-cac23af49154/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=

languageserver/go.mod

@@ -13,3 +13,5 @@ require (
 )
 
 replace github.com/onflow/cadence => ../
+
+replace github.com/fxamacker/cbor/v2 => github.com/turbolent/cbor/v2 v2.2.1-0.20200911003300-cac23af49154

languageserver/go.sum

@@ -51,8 +51,6 @@ github.com/ethereum/go-ethereum v1.9.9/go.mod h1:a9TqabFudpDu1nucId+k9S8R9whYaHn
 github.com/fatih/color v1.3.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 github.com/fjl/memsize v0.0.0-20180418122429-ca190fb6ffbc/go.mod h1:VvhXpOYNQvB+uIk2RvXzuaQtkQJzzIx6lSBe1xv7hi0=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
-github.com/fxamacker/cbor/v2 v2.2.0 h1:6eXqdDDe588rSYAi1HfZKbx6YYQO4mxQ9eC6xYpU/JQ=
-github.com/fxamacker/cbor/v2 v2.2.0/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo=
 github.com/gballet/go-libpcsclite v0.0.0-20190607065134-2772fd86a8ff/go.mod h1:x7DCsMOv1taUwEWCzT4cmDeAkigA5/QCwUodaVOe8Ww=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
@@ -168,6 +166,8 @@ github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81P
 github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/syndtr/goleveldb v1.0.1-0.20190923125748-758128399b1d/go.mod h1:9OrXJhf154huy1nPWmuSrkgjPUtUNhA+Zmy+6AESzuA=
+github.com/turbolent/cbor/v2 v2.2.1-0.20200911003300-cac23af49154 h1:CSkqhj5tW/xAO4hdGtLsHXJczcpPsWtatCn7Y03scrU=
+github.com/turbolent/cbor/v2 v2.2.1-0.20200911003300-cac23af49154/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo=
 github.com/tyler-smith/go-bip39 v1.0.1-0.20181017060643-dbb3b84ba2ef/go.mod h1:sJ5fKU0s6JVwZjjcUEX2zFOnvq0ASQ2K9Zr6cf67kNs=
 github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 github.com/wsddn/go-ecdh v0.0.0-20161211032359-48726bab9208/go.mod h1:IotVbo4F+mw0EzQ08zFqg7pK3FebNXpaMsRy2RT+Ees=

runtime/interpreter/decode.go

@@ -38,6 +38,7 @@ import (
 type Decoder struct {
 	decoder *cbor.Decoder
 	owner   *common.Address
+	version uint16
 }
 
 // Decode returns a value decoded from its CBOR-encoded representation,
@@ -47,11 +48,11 @@ type Decoder struct {
 // For example, path elements are appended for array elements (the index),
 // dictionary values (the key), and composites (the field name).
 //
-func DecodeValue(b []byte, owner *common.Address, path []string) (Value, error) {
+func DecodeValue(b []byte, owner *common.Address, path []string, version uint16) (Value, error) {
 
 	reader := bytes.NewReader(b)
 
-	decoder, err := NewDecoder(reader, owner)
+	decoder, err := NewDecoder(reader, owner, version)
 	if err != nil {
 		return nil, err
 	}
@@ -69,18 +70,28 @@ func DecodeValue(b []byte, owner *common.Address, path []string) (Value, error)
 //
 // It sets the given address as the owner (can be `nil`).
 //
-func NewDecoder(r io.Reader, owner *common.Address) (*Decoder, error) {
-	decMode, err := cbor.DecOptions{}.DecModeWithTags(cborTagSet)
+func NewDecoder(r io.Reader, owner *common.Address, version uint16) (*Decoder, error) {
+	dm, err := decMode()
 	if err != nil {
 		return nil, err
 	}
 
 	return &Decoder{
-		decoder: decMode.NewDecoder(r),
+		decoder: dm.NewDecoder(r),
 		owner:   owner,
+		version: version,
 	}, nil
 }
 
+func decMode() (cbor.DecMode, error) {
+	return cbor.DecOptions{
+		IntDec:           cbor.IntDecConvertNone,
+		MaxArrayElements: 512 * 1024,
+		MaxMapPairs:      512 * 1024,
+		MaxNestedLevels:  256,
+	}.DecMode()
+}
+
 // Decode reads CBOR-encoded bytes from the io.Reader and decodes them to a value.
 //
 func (d *Decoder) Decode(path []string) (Value, error) {
@@ -448,29 +459,28 @@ func (d *Decoder) decodeComposite(v interface{}, path []string) (*CompositeValue
 	return compositeValue, nil
 }
 
+var bigOne = big.NewInt(1)
+
 func (d *Decoder) decodeBig(v interface{}) (*big.Int, error) {
-	tag, ok := v.(cbor.Tag)
+	bigInt, ok := v.(big.Int)
 	if !ok {
 		return nil, fmt.Errorf("invalid bignum encoding: %T", v)
 	}
 
-	b, ok := tag.Content.([]byte)
-	if !ok {
-		return nil, fmt.Errorf("invalid bignum content encoding: %T", v)
-	}
-
-	bigInt := new(big.Int).SetBytes(b)
+	// The encoding of negative bignums is specified in
+	// https://tools.ietf.org/html/rfc7049#section-2.4.2:
+	// "For tag value 3, the value of the bignum is -1 - n."
+	//
+	// Negative bignums were encoded incorrectly in version < 2,
+	// as just -n.
+	//
+	// Fix this by adjusting by one.
 
-	switch tag.Number {
-	case cborTagPositiveBignum:
-		break
-	case cborTagNegativeBignum:
-		bigInt.Neg(bigInt)
-	default:
-		return nil, fmt.Errorf("invalid Int content tag: %v", tag.Number)
+	if bigInt.Sign() < 0 && d.version < 2 {
+		bigInt.Add(&bigInt, bigOne)
 	}
 
-	return bigInt, nil
+	return &bigInt, nil
 }
 
 func (d *Decoder) decodeInt(v interface{}) (IntValue, error) {