Pull from upstream

CMakeLists.txt

@@ -27,7 +27,7 @@ set( CXX_STANDARD_REQUIRED ON)
 
 set(VERSION_MAJOR 1)
 set(VERSION_MINOR 1)
-set(VERSION_PATCH 3)
+set(VERSION_PATCH 4)
 
 set( CLI_CLIENT_EXECUTABLE_NAME cleos )
 set( GUI_CLIENT_EXECUTABLE_NAME eosio )

Docker/README.md

@@ -20,10 +20,10 @@ cd eos/Docker
 docker build . -t eosio/eos
 ```
 
-The above will build off the most recent commit to the master branch by default. If you would like to target a specific branch/tag, you may use a build argument. For example, if you wished to generate a docker image based off of the v1.1.3 tag, you could do the following:
+The above will build off the most recent commit to the master branch by default. If you would like to target a specific branch/tag, you may use a build argument. For example, if you wished to generate a docker image based off of the v1.1.4 tag, you could do the following:
 
 ```bash
-docker build -t eosio/eos:v1.1.3 --build-arg branch=v1.1.3 .
+docker build -t eosio/eos:v1.1.4 --build-arg branch=v1.1.4 .
 ```
 
 By default, the symbol in eosio.system is set to SYS. You can override this using the symbol argument while building the docker image.

README.md

@@ -35,17 +35,15 @@ EOSIO currently supports the following operating systems:
 6. Ubuntu 18.04
 7. MacOS Darwin 10.12 and higher (MacOS 10.13.x recommended)
 
-# Resources
-1. [eos.io website](https://eos.io)
-2. [EOSIO Blog](https://medium.com/eosio)
-3. [EOSIO Documentation Wiki](https://github.com/EOSIO/eos/wiki)
-4. [EOSIO API Documentation](https://eosio.github.io/eos/)
-5. [EOSIO Developer Portal](https://developers.eos.io)
-6. [EOSIO StackExchange for Q&A](https://eosio.stackexchange.com/)
-7. [Community Telegram Group](https://t.me/EOSProject)
-8. [Developer Telegram Group](https://t.me/joinchat/EaEnSUPktgfoI-XPfMYtcQ)
-9. [White Paper](https://github.com/EOSIO/Documentation/blob/master/TechnicalWhitePaper.md)
-10. [Roadmap](https://github.com/EOSIO/Documentation/blob/master/Roadmap.md)
+## Resources
+1. [Website](https://eos.io)
+1. [Blog](https://medium.com/eosio)
+1. [Developer Portal](https://developers.eos.io)
+1. [StackExchange for Q&A](https://eosio.stackexchange.com/)
+1. [Community Telegram Group](https://t.me/EOSProject)
+1. [Developer Telegram Group](https://t.me/joinchat/EaEnSUPktgfoI-XPfMYtcQ)
+1. [White Paper](https://github.com/EOSIO/Documentation/blob/master/TechnicalWhitePaper.md)
+1. [Roadmap](https://github.com/EOSIO/Documentation/blob/master/Roadmap.md)
 
 <a name="gettingstarted"></a>
 ## Getting Started

contracts/eosiolib/asset.hpp

@@ -173,10 +173,10 @@ namespace eosio {
        * @post The amount of this asset is multiplied by a
        */
       asset& operator*=( int64_t a ) {
-         eosio_assert( a == 0 || (amount * a) / a == amount, "multiplication overflow or underflow" );
-         amount *= a;
-         eosio_assert( -max_amount <= amount, "multiplication underflow" );
-         eosio_assert( amount <= max_amount,  "multiplication overflow" );
+         int128_t tmp = (int128_t)amount * (int128_t)a;
+         eosio_assert( tmp <= max_amount, "multiplication overflow" );
+         eosio_assert( tmp >= -max_amount, "multiplication underflow" );
+         amount = (int64_t)tmp;
          return *this;
       }
 
@@ -218,6 +218,8 @@ namespace eosio {
        * @post The amount of this asset is divided by a
        */
       asset& operator/=( int64_t a ) {
+         eosio_assert( a != 0, "divide by zero" );
+         eosio_assert( !(amount == std::numeric_limits<int64_t>::min() && a == -1), "signed division overflow" );
          amount /= a;
          return *this;
       }

libraries/chain/controller.cpp

@@ -517,7 +517,7 @@ struct controller_impl {
       db.remove( gto );
    }
 
-   bool failure_is_subjective( const fc::exception& e ) {
+   bool failure_is_subjective( const fc::exception& e ) const {
       auto code = e.code();
       return    (code == subjective_block_production_exception::code_value)
              || (code == block_net_usage_exceeded::code_value)
@@ -533,6 +533,12 @@ struct controller_impl {
              || (code == key_blacklist_exception::code_value);
    }
 
+   bool scheduled_failure_is_subjective( const fc::exception& e ) const {
+      auto code = e.code();
+      return    (code == tx_cpu_usage_exceeded::code_value)
+             || failure_is_subjective(e);
+   }
+
    transaction_trace_ptr push_scheduled_transaction( const transaction_id_type& trxid, fc::time_point deadline, uint32_t billed_cpu_time_us, bool explicit_billed_cpu_time = false ) {
       const auto& idx = db.get_index<generated_transaction_multi_index,by_trx_id>();
       auto itr = idx.find( trxid );
@@ -629,7 +635,15 @@ struct controller_impl {
 
       // Only subjective OR hard failure logic below:
 
-      if (!failure_is_subjective(*trace->except)) {
+      // subjectivity changes based on producing vs validating
+      bool subjective  = false;
+      if (explicit_billed_cpu_time) {
+         subjective = failure_is_subjective(*trace->except);
+      } else {
+         subjective = scheduled_failure_is_subjective(*trace->except);
+      }
+
+      if ( !subjective ) {
          // hard failure logic
 
          if( !explicit_billed_cpu_time ) {

plugins/producer_plugin/producer_plugin.cpp

@@ -60,8 +60,7 @@ namespace {
       auto code = e.code();
       return (code == block_cpu_usage_exceeded::code_value) ||
              (code == block_net_usage_exceeded::code_value) ||
-             (code == deadline_exception::code_value && deadline_is_subjective) ||
-             (code == leeway_deadline_exception::code_value && deadline_is_subjective);
+             (code == deadline_exception::code_value && deadline_is_subjective);
    }
 }
 

unittests/abi_tests.cpp

@@ -24,6 +24,9 @@
 
 #include <config.hpp>
 
+#include <deep_nested.abi.hpp>
+#include <large_nested.abi.hpp>
+
 using namespace eosio;
 using namespace chain;
 
@@ -3299,6 +3302,43 @@ BOOST_AUTO_TEST_CASE(abi_account_name_in_eosio_abi)
 } FC_LOG_AND_RETHROW() }
 
 
+// Unlimited array size during abi serialization can exhaust memory and crash the process
+BOOST_AUTO_TEST_CASE(abi_large_array)
+{
+   try {
+      const char* abi_str = R"=====(
+      {
+        "types": [],
+        "structs": [{
+           "name": "hi",
+           "base": "",
+           "fields": [
+           ]
+         }
+       ],
+       "actions": [{
+           "name": "hi",
+           "type": "hi[]",
+           "ricardian_contract": ""
+         }
+       ],
+       "tables": []
+      }
+      )=====";
+
+      abi_serializer abis( fc::json::from_string( abi_str ).as<abi_def>(), max_serialization_time );
+      // indicate a very large array, but don't actually provide a large array
+      // curl http://127.0.0.1:8888/v1/chain/abi_bin_to_json -X POST -d '{"code":"eosio", "action":"hi", "binargs":"ffffffff08"}'
+      bytes bin = {static_cast<char>(0xff),
+                   static_cast<char>(0xff),
+                   static_cast<char>(0xff),
+                   static_cast<char>(0xff),
+                   static_cast<char>(0x08)};
+      BOOST_CHECK_THROW( abis.binary_to_variant( "hi[]", bin, max_serialization_time );, fc::exception );
+
+   } FC_LOG_AND_RETHROW()
+}
+
 // Infinite recursion of abi_serializer is_type
 BOOST_AUTO_TEST_CASE(abi_is_type_recursion)
 {
@@ -3402,4 +3442,33 @@ BOOST_AUTO_TEST_CASE(abi_recursive_structs)
    } FC_LOG_AND_RETHROW()
 }
 
+// Infinite recursion of abi_serializer in struct definitions
+BOOST_AUTO_TEST_CASE(abi_very_deep_structs)
+{
+   try {
+      abi_serializer abis( fc::json::from_string( large_nested_abi ).as<abi_def>(), max_serialization_time );
+      string hi_data = "{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":{\"f1\":0}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}";
+      BOOST_CHECK_THROW( abis.variant_to_binary( "s98", fc::json::from_string( hi_data ), max_serialization_time ), fc::exception );
+   } FC_LOG_AND_RETHROW()
+}
+
+// Infinite recursion of abi_serializer in struct definitions
+BOOST_AUTO_TEST_CASE(abi_very_deep_structs_1ms)
+{
+   try {
+      BOOST_CHECK_THROW(
+            abi_serializer abis( fc::json::from_string( large_nested_abi ).as<abi_def>(), fc::microseconds( 1 ) ),
+            fc::exception );
+   } FC_LOG_AND_RETHROW()
+}
+
+BOOST_AUTO_TEST_CASE(abi_deep_structs_validate)
+{
+   try {
+      BOOST_CHECK_THROW(
+            abi_serializer abis( fc::json::from_string( deep_nested_abi ).as<abi_def>(), max_serialization_time ),
+            fc::exception );
+   } FC_LOG_AND_RETHROW()
+}
+
 BOOST_AUTO_TEST_SUITE_END()