From e28271b8e6ea414ca8936d0ae63ecf6faa153af8 Mon Sep 17 00:00:00 2001
From: Cuong Manh Le
Date: Thu, 22 Apr 2021 17:21:27 +0700
Subject: [PATCH] types: make NewDecFromStr returns error for too large decimal (#9157)

Otherwise, NewDecFromStr may accept very large input, causing Dec methods panic, e.g Dec.TruncateInt Found by oss-fuzz: https://oss-fuzz.com/testcase-detail/6454129938530304 Fixes #9160
---
 types/decimal.go | 3 +++
 types/decimal_test.go | 3 ++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/types/decimal.go b/types/decimal.go
index 706859a856..9ce5cfb972 100644
--- a/types/decimal.go
+++ b/types/decimal.go
@@ -177,6 +177,9 @@ func NewDecFromStr(str string) (Dec, error) {
  if !ok {
  return Dec{}, fmt.Errorf("failed to set decimal string: %s", combinedStr)
  }
+ if combined.BitLen() > maxBitLen {
+ return Dec{}, fmt.Errorf("decimal out of range; bitLen: got %d, max %d", combined.BitLen(), maxBitLen)
+ }
  if neg {
  combined = new(big.Int).Neg(combined)
  }
diff --git a/types/decimal_test.go b/types/decimal_test.go
index 050d19f500..efa0ce2023 100644
--- a/types/decimal_test.go
+++ b/types/decimal_test.go
@@ -8,7 +8,7 @@ import (
  "testing"
 
  "github.com/stretchr/testify/suite"
- yaml "gopkg.in/yaml.v2"
+ "gopkg.in/yaml.v2"
 
  sdk "github.com/cosmos/cosmos-sdk/types"
  )
@@ -57,6 +57,7 @@ func (s *decimalTestSuite) TestNewDecFromStr() {
  {"foobar", true, sdk.Dec{}},
  {"0.foobar", true, sdk.Dec{}},
  {"0.foobar.", true, sdk.Dec{}},
+ {"88888888888888888888888888888888888888888888888888888888888888888888844444440", true, sdk.Dec{}},
  }
 
  for tcIndex, tc := range tests {
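Review bot: In NewDecFromStr (types/decimal.go) the new `combined.BitLen() > maxBitLen` guard runs only after `combinedStr` has already been converted into `combined`, so an arbitrarily long digit string is still parsed in full before it is rejected. The conversion sits above the hunk and is inferred from the `!ok` branch shown as context; if this function is reachable with untrusted input, a cheap length bound on the string ahead of the parse would cap that work. The guard also deserves a why-comment, for example `// Reject oversized values here: Dec methods such as TruncateInt panic on them.`. `maxBitLen` is defined outside the hunk, so whether it is the right limit for a value that already includes the fractional digits cannot be confirmed from here.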
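Review bot: The case added to TestNewDecFromStr (types/decimal_test.go) exercises only a positive value far above the limit, so neither the sign handling nor the boundary of the new range check is pinned. A second row with the same literal prefixed by `-` would confirm the guard applies to negative input as well, and a row at the largest accepted width would catch an off-by-one in the comparison. The table and the loop that consumes it continue outside the hunk, so the `true` column is assumed to mean that an error is expected.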