Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[backport] consensus decode from finite decoder. #1360

Merged
merged 4 commits into from Nov 2, 2022
Merged

[backport] consensus decode from finite decoder. #1360

merged 4 commits into from Nov 2, 2022

Conversation

sanket1729
Copy link
Member

Backport for #1023. Required for #997. Addresses issues like #1359

@sanket1729
Copy link
Member Author

Perhaps, we can get a review here and make 0.28.2 with the bug fix. Since @apoelstra is offline for the next two weeks, I think @TheBlueMatt has permission to push to crates io.

@sanket1729 sanket1729 mentioned this pull request Nov 1, 2022
Merged
@sanket1729
Copy link
Member Author

duh, this is more involved because we changed the MSRV in between.

@sanket1729 sanket1729 changed the title [backport] consensus from finite decoder. [backport] consensus decode from finite decoder. Nov 1, 2022
dpc and others added 2 commits November 1, 2022 14:56
@dpc @sanket1729
Add consensus_decode_from_finite_reader optimization
e003e57 
As things are right now, memory exhaustion protection in `Decodable`
is based on checking input-decoded lengths against arbitrary limits,
and ad-hoc wrapping collection deserialization in `Take`.

The problem with that are two-fold:

* Potential consensus bugs due to incorrect limits.
* Performance degradation when decoding nested structured,
  due to recursive `Take<Take<..>>` readers.

This change introduces a systematic approach to the problem.

A concept of a "size-limited-reader" is introduced to rely on
the input data to finish at enforced limit and fail deserialization.

Memory exhaustion protection is now achived by capping allocations
to reasonable values, yet allowing the underlying collections
to grow to accomodate rare yet legitmately oversized data (with tiny
performance cost), and reliance on input data size limit.

A set of simple rules allow avoiding recursive `Take` wrappers.

Fix rust-bitcoin#997
@apoelstra @sanket1729
fuzz: disable features in honggfuzz
7baa21c
@TheBlueMatt
Copy link
Member

Yea, I think that makes sense, if we can do it without breaking the MSRV.

@TheBlueMatt
Copy link
Member

Also I assume we'll want a new branch? The branch is labeled "0.28.1"? We probably want the 0.28.x branch.

@tcharding
Copy link
Member

I thought there were three patches in the hong-fuzz fix, they can be seen on the 0.29.2 backport. Can we have the version bump as a final patch after all the backport patches as well please?

@sanket1729
Copy link
Member Author

sanket1729 commented Nov 1, 2022
edited

@tcharding thanks for the patches. Working on it. @TheBlueMatt , the 0.28.x is not updated to 0.28.1 tip. Will also do that and raise PR against it.

@sanket1729 sanket1729 changed the base branch from branch-0.28.1 to 0.28.x November 1, 2022 22:40
@sanket1729
Copy link
Member Author

CI cleared, ready for review/publication.

TheBlueMatt
TheBlueMatt approved these changes Nov 1, 2022
View reviewed changes
Copy link
Member

@TheBlueMatt TheBlueMatt left a comment
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK a0489d4.

Patches both look good and match the 0.29 versions.

@TheBlueMatt
Copy link
Member

@tcharding can you ack? Would like a second set of eyeballs here and then we can cut a release, I think.

@tcharding
Copy link
Member

ACK a0489d4

I verified that the first patch is the same as the original patch but with import statement changes.

@TheBlueMatt TheBlueMatt merged commit bd59925 into rust-bitcoin:0.28.x Nov 2, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@TheBlueMatt TheBlueMatt TheBlueMatt approved these changes

@tcharding tcharding tcharding approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@sanket1729 @TheBlueMatt @tcharding @dpc @apoelstra