Merge PR #3070: Check for gas overflow in tx validation

* Check for gas overflow in tx validation

* Use bitshifting over math.Pow

PENDING.md

@@ -48,10 +48,11 @@ IMPROVEMENTS
 * Gaia
 
 * SDK
- - \#1277 Complete bank module specification
- - \#2963 Complete auth module specification
+  * \#1277 Complete bank module specification
+  * \#2963 Complete auth module specification
   * \#2914 No longer withdraw validator rewards on bond/unbond, but rather move
   the rewards to the respective validator's pools.
+  * \#3068 check for uint64 gas overflow during `Std#ValidateBasic`.
 
 * Tendermint
 

x/auth/stdtx.go

@@ -10,7 +10,11 @@ import (
 	"github.com/tendermint/tendermint/crypto/multisig"
 )
 
-var _ sdk.Tx = (*StdTx)(nil)
+var (
+	_ sdk.Tx = (*StdTx)(nil)
+
+	maxGasWanted = uint64((1 << 63) - 1)
+)
 
 // StdTx is a standard way to wrap a Msg with Fee and Signatures.
 // NOTE: the first signature is the fee payer (Signatures must not be nil).
@@ -38,6 +42,9 @@ func (tx StdTx) GetMsgs() []sdk.Msg { return tx.Msgs }
 func (tx StdTx) ValidateBasic() sdk.Error {
 	stdSigs := tx.GetSignatures()
 
+	if tx.Fee.Gas > maxGasWanted {
+		return sdk.ErrInternal(fmt.Sprintf("invalid gas supplied; %d > %d", tx.Fee.Gas, maxGasWanted))
+	}
 	if !tx.Fee.Amount.IsNotNegative() {
 		return sdk.ErrInsufficientFee(fmt.Sprintf("invalid fee %s amount provided", tx.Fee.Amount))
 	}

x/auth/stdtx_test.go

@@ -120,6 +120,15 @@ func TestTxValidateBasic(t *testing.T) {
 	require.Error(t, err)
 	require.Equal(t, sdk.CodeTooManySignatures, err.Result().Code)
 
+	// require to fail with invalid gas supplied
+	badFee = newStdFee()
+	badFee.Gas = 9223372036854775808
+	tx = newTestTx(ctx, nil, nil, nil, nil, badFee)
+
+	err = tx.ValidateBasic()
+	require.Error(t, err)
+	require.Equal(t, sdk.CodeInternal, err.Result().Code)
+
 	// require to pass when above criteria are matched
 	privs, accNums, seqs = []crypto.PrivKey{priv1, priv2}, []uint64{0, 1}, []uint64{0, 0}
 	tx = newTestTx(ctx, msgs, privs, accNums, seqs, fee)