From a9be32927b4942cadeb6b2ca6730fa8b107be620 Mon Sep 17 00:00:00 2001
From: steven <chenglin.cn@163.com>
Date: Wed, 19 Jun 2019 16:35:26 +0800
Subject: [PATCH] add array/struct append len check (#958)

---
 smartcontract/test/append_test.go | 54 +++++++++++++++++++++++++++++++
 vm/neovm/func_validate.go         |  8 +++++
 2 files changed, 62 insertions(+)
 create mode 100644 smartcontract/test/append_test.go

diff --git a/smartcontract/test/append_test.go b/smartcontract/test/append_test.go
new file mode 100644
index 00000000..c8dca535
--- /dev/null
+++ b/smartcontract/test/append_test.go
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) 2018 The ontology Authors
+ * This file is part of The ontology library.
+ *
+ * The ontology is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * The ontology is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with The ontology.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package test
+
+import (
+	"github.com/ontio/ontology/smartcontract"
+	"github.com/ontio/ontology/vm/neovm"
+	"github.com/ontio/ontology/vm/neovm/errors"
+	"github.com/stretchr/testify/assert"
+	"testing"
+)
+
+func TestAppendOverFlow(t *testing.T) {
+	// define 1024 len array
+	byteCode := []byte{
+		byte(0x04), //neovm.PUSHBYTES4
+		byte(0x00),
+		byte(0x04),
+		byte(0x00),
+		byte(0x00),
+		byte(neovm.NEWARRAY),
+		byte(neovm.PUSH2),
+		byte(neovm.APPEND),
+	}
+
+	config := &smartcontract.Config{
+		Time:   10,
+		Height: 10,
+	}
+	sc := smartcontract.SmartContract{
+		Config:  config,
+		Gas:     200,
+		CacheDB: nil,
+	}
+	engine, _ := sc.NewExecuteEngine(byteCode)
+	_, err := engine.Invoke()
+	assert.EqualError(t, err, "[NeoVmService] vm execution error!: "+errors.ERR_OVER_MAX_ARRAY_SIZE.Error())
+}
diff --git a/vm/neovm/func_validate.go b/vm/neovm/func_validate.go
index 0ac3f613..3ba76390 100644
--- a/vm/neovm/func_validate.go
+++ b/vm/neovm/func_validate.go
@@ -551,6 +551,7 @@ func validateNewArray(e *ExecutionEngine) error {
 	}
 
 	count, err := PeekBigInteger(e)
+
 	if err != nil {
 		return err
 	}
@@ -591,6 +592,13 @@ func validateAppend(e *ExecutionEngine) error {
 	if !ok1 && !ok2 {
 		return fmt.Errorf("validateAppend error: %s", errors.ERR_NOT_SUPPORT_TYPE)
 	}
+
+	arr, _ := arrItem.GetArray()
+	count := big.NewInt(int64(len(arr) + 1))
+	if count.Cmp(big.NewInt(int64(MAX_ARRAY_SIZE))) > 0 {
+		return errors.ERR_OVER_MAX_ARRAY_SIZE
+	}
+
 	return nil
 }