Limit stack depth of asc_get (#4576)

Author: leoyvens

chain/ethereum/src/runtime/abi.rs

@@ -138,13 +138,14 @@ impl FromAscObj<AscUnresolvedContractCall_0_0_4> for UnresolvedContractCall {
         asc_call: AscUnresolvedContractCall_0_0_4,
         heap: &H,
         gas: &GasCounter,
+        depth: usize,
     ) -> Result<Self, DeterministicHostError> {
         Ok(UnresolvedContractCall {
-            contract_name: asc_get(heap, asc_call.contract_name, gas)?,
-            contract_address: asc_get(heap, asc_call.contract_address, gas)?,
-            function_name: asc_get(heap, asc_call.function_name, gas)?,
-            function_signature: Some(asc_get(heap, asc_call.function_signature, gas)?),
-            function_args: asc_get(heap, asc_call.function_args, gas)?,
+            contract_name: asc_get(heap, asc_call.contract_name, gas, depth)?,
+            contract_address: asc_get(heap, asc_call.contract_address, gas, depth)?,
+            function_name: asc_get(heap, asc_call.function_name, gas, depth)?,
+            function_signature: Some(asc_get(heap, asc_call.function_signature, gas, depth)?),
+            function_args: asc_get(heap, asc_call.function_args, gas, depth)?,
         })
     }
 }
@@ -163,13 +164,14 @@ impl FromAscObj<AscUnresolvedContractCall> for UnresolvedContractCall {
         asc_call: AscUnresolvedContractCall,
         heap: &H,
         gas: &GasCounter,
+        depth: usize,
     ) -> Result<Self, DeterministicHostError> {
         Ok(UnresolvedContractCall {
-            contract_name: asc_get(heap, asc_call.contract_name, gas)?,
-            contract_address: asc_get(heap, asc_call.contract_address, gas)?,
-            function_name: asc_get(heap, asc_call.function_name, gas)?,
+            contract_name: asc_get(heap, asc_call.contract_name, gas, depth)?,
+            contract_address: asc_get(heap, asc_call.contract_address, gas, depth)?,
+            function_name: asc_get(heap, asc_call.function_name, gas, depth)?,
             function_signature: None,
-            function_args: asc_get(heap, asc_call.function_args, gas)?,
+            function_args: asc_get(heap, asc_call.function_args, gas, depth)?,
         })
     }
 }

chain/ethereum/src/runtime/runtime_adapter.rs

@@ -77,9 +77,9 @@ fn ethereum_call(
     // function signature; subgraphs using an apiVersion < 0.0.4 don't pass
     // the signature along with the call.
     let call: UnresolvedContractCall = if ctx.heap.api_version() >= Version::new(0, 0, 4) {
-        asc_get::<_, AscUnresolvedContractCall_0_0_4, _>(ctx.heap, wasm_ptr.into(), &ctx.gas)?
+        asc_get::<_, AscUnresolvedContractCall_0_0_4, _>(ctx.heap, wasm_ptr.into(), &ctx.gas, 0)?
     } else {
-        asc_get::<_, AscUnresolvedContractCall, _>(ctx.heap, wasm_ptr.into(), &ctx.gas)?
+        asc_get::<_, AscUnresolvedContractCall, _>(ctx.heap, wasm_ptr.into(), &ctx.gas, 0)?
     };
 
     let result = eth_call(

graph/src/runtime/asc_heap.rs

@@ -6,6 +6,11 @@ use super::{
     gas::GasCounter, AscIndexId, AscPtr, AscType, DeterministicHostError, HostExportError,
     IndexForAscTypeId,
 };
+
+// A 128 limit is plenty for any subgraph, while the `fn recursion_limit` test ensures it is not
+// large enough to cause stack overflows.
+const MAX_RECURSION_DEPTH: usize = 128;
+
 /// A type that can read and write to the Asc heap. Call `asc_new` and `asc_get`
 /// for reading and writing Rust structs from and to Asc.
 ///
@@ -95,12 +100,21 @@ pub fn asc_get<T, C, H: AscHeap + ?Sized>(
     heap: &H,
     asc_ptr: AscPtr<C>,
     gas: &GasCounter,
+    mut depth: usize,
 ) -> Result<T, DeterministicHostError>
 where
     C: AscType + AscIndexId,
     T: FromAscObj<C>,
 {
-    T::from_asc_obj(asc_ptr.read_ptr(heap, gas)?, heap, gas)
+    depth += 1;
+
+    if depth > MAX_RECURSION_DEPTH {
+        return Err(DeterministicHostError::Other(anyhow::anyhow!(
+            "recursion limit reached"
+        )));
+    }
+
+    T::from_asc_obj(asc_ptr.read_ptr(heap, gas)?, heap, gas, depth)
 }
 
 /// Type that can be converted to an Asc object of class `C`.
@@ -133,10 +147,15 @@ impl ToAscObj<bool> for bool {
 }
 
 /// Type that can be converted from an Asc object of class `C`.
+///
+/// ### Overflow protection
+/// The `depth` parameter is used to prevent stack overflows, it measures how many `asc_get` calls
+/// have been made. `from_asc_obj` does not need to increment the depth, only pass it through.
 pub trait FromAscObj<C: AscType>: Sized {
     fn from_asc_obj<H: AscHeap + ?Sized>(
         obj: C,
         heap: &H,
         gas: &GasCounter,
+        depth: usize,
     ) -> Result<Self, DeterministicHostError>;
 }

runtime/test/src/test.rs

@@ -1157,3 +1157,21 @@ async fn test_boolean() {
             .is_err());
     }
 }
+
+#[tokio::test]
+async fn recursion_limit() {
+    let module = test_module_latest("RecursionLimit", "recursion_limit.wasm").await;
+
+    // An error about 'unknown key' means the entity was fully read with no stack overflow.
+    module
+        .invoke_export1_val_void("recursionLimit", 128)
+        .unwrap_err()
+        .to_string()
+        .contains("Unknown key `foobar`");
+
+    assert!(module
+        .invoke_export1_val_void("recursionLimit", 129)
+        .unwrap_err()
+        .to_string()
+        .contains("recursion limit reached"));
+}

runtime/test/wasm_test/api_version_0_0_5/recursion_limit.ts

@@ -0,0 +1,19 @@
+export * from './common/global';
+
+import { Entity, Value } from './common/types'
+
+declare namespace store {
+    function get(entity: string, id: string): Entity | null
+    function set(entity: string, id: string, data: Entity): void
+    function remove(entity: string, id: string): void
+}
+
+export function recursionLimit(depth: i32): void {
+    let user = new Entity();
+    var val = Value.fromI32(7);
+    for (let i = 0; i < depth; i++) {
+        val = Value.fromArray([val]);
+    }
+    user.set("foobar", val);
+    store.set("User", "user_id", user);
+}

runtime/test/wasm_test/api_version_0_0_5/recursion_limit.wasm

@@ -22,7 +22,7 @@ use graph::data::subgraph::schema::SubgraphError;
 use graph::data_source::{offchain, MappingTrigger, TriggerWithHandler};
 use graph::prelude::*;
 use graph::runtime::{
-    asc_get, asc_new,
+    asc_new,
     gas::{self, Gas, GasCounter, SaturatingInto},
     AscHeap, AscIndexId, AscType, DeterministicHostError, FromAscObj, HostExportError,
     IndexForAscTypeId, ToAscObj,
@@ -45,6 +45,19 @@ pub mod stopwatch;
 
 pub const TRAP_TIMEOUT: &str = "trap: interrupt";
 
+// Convenience for a 'top-level' asc_get, with depth 0.
+fn asc_get<T, C: AscType, H: AscHeap + ?Sized>(
+    heap: &H,
+    ptr: AscPtr<C>,
+    gas: &GasCounter,
+) -> Result<T, DeterministicHostError>
+where
+    C: AscType + AscIndexId,
+    T: FromAscObj<C>,
+{
+    graph::runtime::asc_get(heap, ptr, gas, 0)
+}
+
 pub trait IntoTrap {
     fn determinism_level(&self) -> DeterminismLevel;
     fn into_trap(self) -> Trap;

runtime/wasm/src/module/mod.rs

@@ -27,8 +27,9 @@ impl FromAscObj<Uint8Array> for web3::H160 {
         typed_array: Uint8Array,
         heap: &H,
         gas: &GasCounter,
+        depth: usize,
     ) -> Result<Self, DeterministicHostError> {
-        let data = <[u8; 20]>::from_asc_obj(typed_array, heap, gas)?;
+        let data = <[u8; 20]>::from_asc_obj(typed_array, heap, gas, depth)?;
         Ok(Self(data))
     }
 }
@@ -38,8 +39,9 @@ impl FromAscObj<Uint8Array> for web3::H256 {
         typed_array: Uint8Array,
         heap: &H,
         gas: &GasCounter,
+        depth: usize,
     ) -> Result<Self, DeterministicHostError> {
-        let data = <[u8; 32]>::from_asc_obj(typed_array, heap, gas)?;
+        let data = <[u8; 32]>::from_asc_obj(typed_array, heap, gas, depth)?;
         Ok(Self(data))
     }
 }
@@ -82,8 +84,9 @@ impl FromAscObj<AscBigInt> for BigInt {
         array_buffer: AscBigInt,
         heap: &H,
         gas: &GasCounter,
+        depth: usize,
     ) -> Result<Self, DeterministicHostError> {
-        let bytes = <Vec<u8>>::from_asc_obj(array_buffer, heap, gas)?;
+        let bytes = <Vec<u8>>::from_asc_obj(array_buffer, heap, gas, depth)?;
         Ok(BigInt::from_signed_bytes_le(&bytes))
     }
 }
@@ -109,9 +112,10 @@ impl FromAscObj<AscBigDecimal> for BigDecimal {
         big_decimal: AscBigDecimal,
         heap: &H,
         gas: &GasCounter,
+        depth: usize,
     ) -> Result<Self, DeterministicHostError> {
-        let digits: BigInt = asc_get(heap, big_decimal.digits, gas)?;
-        let exp: BigInt = asc_get(heap, big_decimal.exp, gas)?;
+        let digits: BigInt = asc_get(heap, big_decimal.digits, gas, depth)?;
+        let exp: BigInt = asc_get(heap, big_decimal.exp, gas, depth)?;
 
         let bytes = exp.to_signed_bytes_le();
         let mut byte_array = if exp >= 0.into() { [0; 8] } else { [255; 8] };
@@ -188,6 +192,7 @@ impl FromAscObj<AscEnum<EthereumValueKind>> for ethabi::Token {
         asc_enum: AscEnum<EthereumValueKind>,
         heap: &H,
         gas: &GasCounter,
+        depth: usize,
     ) -> Result<Self, DeterministicHostError> {
         use ethabi::Token;
 
@@ -196,41 +201,41 @@ impl FromAscObj<AscEnum<EthereumValueKind>> for ethabi::Token {
             EthereumValueKind::Bool => Token::Bool(bool::from(payload)),
             EthereumValueKind::Address => {
                 let ptr: AscPtr<AscAddress> = AscPtr::from(payload);
-                Token::Address(asc_get(heap, ptr, gas)?)
+                Token::Address(asc_get(heap, ptr, gas, depth)?)
             }
             EthereumValueKind::FixedBytes => {
                 let ptr: AscPtr<Uint8Array> = AscPtr::from(payload);
-                Token::FixedBytes(asc_get(heap, ptr, gas)?)
+                Token::FixedBytes(asc_get(heap, ptr, gas, depth)?)
             }
             EthereumValueKind::Bytes => {
                 let ptr: AscPtr<Uint8Array> = AscPtr::from(payload);
-                Token::Bytes(asc_get(heap, ptr, gas)?)
+                Token::Bytes(asc_get(heap, ptr, gas, depth)?)
             }
             EthereumValueKind::Int => {
                 let ptr: AscPtr<AscBigInt> = AscPtr::from(payload);
-                let n: BigInt = asc_get(heap, ptr, gas)?;
+                let n: BigInt = asc_get(heap, ptr, gas, depth)?;
                 Token::Int(n.to_signed_u256())
             }
             EthereumValueKind::Uint => {
                 let ptr: AscPtr<AscBigInt> = AscPtr::from(payload);
-                let n: BigInt = asc_get(heap, ptr, gas)?;
+                let n: BigInt = asc_get(heap, ptr, gas, depth)?;
                 Token::Uint(n.to_unsigned_u256())
             }
             EthereumValueKind::String => {
                 let ptr: AscPtr<AscString> = AscPtr::from(payload);
-                Token::String(asc_get(heap, ptr, gas)?)
+                Token::String(asc_get(heap, ptr, gas, depth)?)
             }
             EthereumValueKind::FixedArray => {
                 let ptr: AscEnumArray<EthereumValueKind> = AscPtr::from(payload);
-                Token::FixedArray(asc_get(heap, ptr, gas)?)
+                Token::FixedArray(asc_get(heap, ptr, gas, depth)?)
             }
             EthereumValueKind::Array => {
                 let ptr: AscEnumArray<EthereumValueKind> = AscPtr::from(payload);
-                Token::Array(asc_get(heap, ptr, gas)?)
+                Token::Array(asc_get(heap, ptr, gas, depth)?)
             }
             EthereumValueKind::Tuple => {
                 let ptr: AscEnumArray<EthereumValueKind> = AscPtr::from(payload);
-                Token::Tuple(asc_get(heap, ptr, gas)?)
+                Token::Tuple(asc_get(heap, ptr, gas, depth)?)
             }
         })
     }
@@ -241,34 +246,35 @@ impl FromAscObj<AscEnum<StoreValueKind>> for store::Value {
         asc_enum: AscEnum<StoreValueKind>,
         heap: &H,
         gas: &GasCounter,
+        depth: usize,
     ) -> Result<Self, DeterministicHostError> {
         use self::store::Value;
 
         let payload = asc_enum.payload;
         Ok(match asc_enum.kind {
             StoreValueKind::String => {
                 let ptr: AscPtr<AscString> = AscPtr::from(payload);
-                Value::String(asc_get(heap, ptr, gas)?)
+                Value::String(asc_get(heap, ptr, gas, depth)?)
             }
             StoreValueKind::Int => Value::Int(i32::from(payload)),
             StoreValueKind::BigDecimal => {
                 let ptr: AscPtr<AscBigDecimal> = AscPtr::from(payload);
-                Value::BigDecimal(asc_get(heap, ptr, gas)?)
+                Value::BigDecimal(asc_get(heap, ptr, gas, depth)?)
             }
             StoreValueKind::Bool => Value::Bool(bool::from(payload)),
             StoreValueKind::Array => {
                 let ptr: AscEnumArray<StoreValueKind> = AscPtr::from(payload);
-                Value::List(asc_get(heap, ptr, gas)?)
+                Value::List(asc_get(heap, ptr, gas, depth)?)
             }
             StoreValueKind::Null => Value::Null,
             StoreValueKind::Bytes => {
                 let ptr: AscPtr<Uint8Array> = AscPtr::from(payload);
-                let array: Vec<u8> = asc_get(heap, ptr, gas)?;
+                let array: Vec<u8> = asc_get(heap, ptr, gas, depth)?;
                 Value::Bytes(array.as_slice().into())
             }
             StoreValueKind::BigInt => {
                 let ptr: AscPtr<AscBigInt> = AscPtr::from(payload);
-                let array: Vec<u8> = asc_get(heap, ptr, gas)?;
+                let array: Vec<u8> = asc_get(heap, ptr, gas, depth)?;
                 Value::BigInt(store::scalar::BigInt::from_signed_bytes_le(&array))
             }
         })

runtime/wasm/src/to_from/external.rs

@@ -32,6 +32,7 @@ impl<T: AscValue> FromAscObj<TypedArray<T>> for Vec<T> {
         typed_array: TypedArray<T>,
         heap: &H,
         gas: &GasCounter,
+        _depth: usize,
     ) -> Result<Self, DeterministicHostError> {
         typed_array.to_vec(heap, gas)
     }
@@ -42,6 +43,7 @@ impl<T: AscValue + Send + Sync, const LEN: usize> FromAscObj<TypedArray<T>> for
         typed_array: TypedArray<T>,
         heap: &H,
         gas: &GasCounter,
+        _depth: usize,
     ) -> Result<Self, DeterministicHostError> {
         let v = typed_array.to_vec(heap, gas)?;
         let array = <[T; LEN]>::try_from(v)
@@ -88,6 +90,7 @@ impl FromAscObj<AscString> for String {
         asc_string: AscString,
         _: &H,
         _gas: &GasCounter,
+        _depth: usize,
     ) -> Result<Self, DeterministicHostError> {
         let mut string = String::from_utf16(asc_string.content())
             .map_err(|e| DeterministicHostError::from(anyhow::Error::from(e)))?;
@@ -105,8 +108,9 @@ impl FromAscObj<AscString> for Word {
         asc_string: AscString,
         heap: &H,
         gas: &GasCounter,
+        depth: usize,
     ) -> Result<Self, DeterministicHostError> {
-        let string = String::from_asc_obj(asc_string, heap, gas)?;
+        let string = String::from_asc_obj(asc_string, heap, gas, depth)?;
 
         Ok(Word::from(string))
     }
@@ -129,11 +133,12 @@ impl<C: AscType + AscIndexId, T: FromAscObj<C>> FromAscObj<Array<AscPtr<C>>> for
         array: Array<AscPtr<C>>,
         heap: &H,
         gas: &GasCounter,
+        depth: usize,
     ) -> Result<Self, DeterministicHostError> {
         array
             .to_vec(heap, gas)?
             .into_iter()
-            .map(|x| asc_get(heap, x, gas))
+            .map(|x| asc_get(heap, x, gas, depth))
             .collect()
     }
 }
@@ -145,10 +150,11 @@ impl<K: AscType + AscIndexId, V: AscType + AscIndexId, T: FromAscObj<K>, U: From
         asc_entry: AscTypedMapEntry<K, V>,
         heap: &H,
         gas: &GasCounter,
+        depth: usize,
     ) -> Result<Self, DeterministicHostError> {
         Ok((
-            asc_get(heap, asc_entry.key, gas)?,
-            asc_get(heap, asc_entry.value, gas)?,
+            asc_get(heap, asc_entry.key, gas, depth)?,
+            asc_get(heap, asc_entry.value, gas, depth)?,
         ))
     }
 }
@@ -182,8 +188,9 @@ where
         asc_map: AscTypedMap<K, V>,
         heap: &H,
         gas: &GasCounter,
+        depth: usize,
     ) -> Result<Self, DeterministicHostError> {
-        let entries: Vec<(T, U)> = asc_get(heap, asc_map.entries, gas)?;
+        let entries: Vec<(T, U)> = asc_get(heap, asc_map.entries, gas, depth)?;
         Ok(HashMap::from_iter(entries.into_iter()))
     }
 }