runtime: Adjust gas cost and limit input to json.fromBytes (#4595)

leoyvens · Filippo Costa · commit 0185ca55071e · 2023-05-04T17:10:47.000+02:00
diff --git a/graph/src/runtime/gas/costs.rs b/graph/src/runtime/gas/costs.rs
@@ -74,3 +74,10 @@ pub const STORE_GET: GasOp = GasOp {
 };
 
 pub const STORE_REMOVE: GasOp = STORE_SET;
+
+// Deeply nested JSON can take over 100x the memory of the serialized format, so multiplying the
+// size cost by 100 makes sense.
+pub const JSON_FROM_BYTES: GasOp = GasOp {
+    base_cost: DEFAULT_BASE_COST,
+    size_mult: DEFAULT_GAS_PER_BYTE * 100,
+};
diff --git a/runtime/test/src/test.rs b/runtime/test/src/test.rs
@@ -327,31 +327,39 @@ async fn test_json_parsing(api_version: Version, gas_used: u64) {
     )
     .await;
 
+    // Parse valid JSON and get it back
+    let s = "\"foo\""; // Valid because there are quotes around `foo`
+    let bytes: &[u8] = s.as_ref();
+    let return_value: AscPtr<AscString> = module.invoke_export1("handleJsonError", bytes);
+
+    let output: String = module.asc_get(return_value).unwrap();
+    assert_eq!(output, "OK: foo, ERROR: false");
+    assert_eq!(module.gas_used(), gas_used);
+
     // Parse invalid JSON and handle the error gracefully
     let s = "foo"; // Invalid because there are no quotes around `foo`
     let bytes: &[u8] = s.as_ref();
     let return_value: AscPtr<AscString> = module.invoke_export1("handleJsonError", bytes);
     let output: String = module.asc_get(return_value).unwrap();
     assert_eq!(output, "ERROR: true");
 
-    // Parse valid JSON and get it back
-    let s = "\"foo\""; // Valid because there are quotes around `foo`
+    // Parse JSON that's too long and handle the error gracefully
+    let s = format!("\"f{}\"", "o".repeat(10_000_000));
     let bytes: &[u8] = s.as_ref();
     let return_value: AscPtr<AscString> = module.invoke_export1("handleJsonError", bytes);
 
     let output: String = module.asc_get(return_value).unwrap();
-    assert_eq!(output, "OK: foo, ERROR: false");
-    assert_eq!(module.gas_used(), gas_used);
+    assert_eq!(output, "ERROR: true");
 }
 
 #[tokio::test]
 async fn json_parsing_v0_0_4() {
-    test_json_parsing(API_VERSION_0_0_4, 2722284).await;
+    test_json_parsing(API_VERSION_0_0_4, 4373087).await;
 }
 
 #[tokio::test]
 async fn json_parsing_v0_0_5() {
-    test_json_parsing(API_VERSION_0_0_5, 3862933).await;
+    test_json_parsing(API_VERSION_0_0_5, 5153540).await;
 }
 
 async fn test_ipfs_cat(api_version: Version) {
diff --git a/runtime/wasm/src/host_exports.rs b/runtime/wasm/src/host_exports.rs
@@ -766,8 +766,18 @@ impl<C: Blockchain> HostExports<C> {
         bytes: &Vec<u8>,
         gas: &GasCounter,
     ) -> Result<serde_json::Value, DeterministicHostError> {
-        gas.consume_host_fn(gas::DEFAULT_GAS_OP.with_args(gas::complexity::Size, &bytes))?;
-        serde_json::from_reader(bytes.as_slice())
+        // Max JSON size is 10MB.
+        const MAX_JSON_SIZE: usize = 10_000_000;
+
+        gas.consume_host_fn(gas::JSON_FROM_BYTES.with_args(gas::complexity::Size, &bytes))?;
+
+        if bytes.len() > MAX_JSON_SIZE {
+            return Err(DeterministicHostError::Other(
+                anyhow!("JSON size exceeds max size of {}", MAX_JSON_SIZE).into(),
+            ));
+        }
+
+        serde_json::from_slice(bytes.as_slice())
             .map_err(|e| DeterministicHostError::from(Error::from(e)))
     }
 
