SIMD-406: Restrict to 255 the number of accounts in instructions for transactions v0 and legacy

message/src/compiled_instruction.rs

@@ -4,7 +4,10 @@ use serde_derive::{Deserialize, Serialize};
 use solana_frozen_abi_macro::AbiExample;
 #[cfg(feature = "wincode")]
 use wincode::{containers, len::ShortU16Len, SchemaRead, SchemaWrite};
-use {solana_address::Address, solana_sanitize::Sanitize};
+use {
+    solana_address::Address,
+    solana_sanitize::{Sanitize, SanitizeError},
+};
 
 /// A compact encoding of an instruction.
 ///
@@ -34,7 +37,14 @@ pub struct CompiledInstruction {
     pub data: Vec<u8>,
 }
 
-impl Sanitize for CompiledInstruction {}
+impl Sanitize for CompiledInstruction {
+    fn sanitize(&self, limit_ix_accounts_simd_406: bool) -> Result<(), SanitizeError> {
+        if limit_ix_accounts_simd_406 && self.accounts.len() > 255 {
+            return Err(SanitizeError::ValueOutOfBounds);
+        }
+        Ok(())
+    }
+}
 
 impl CompiledInstruction {
     #[cfg(feature = "bincode")]

message/src/legacy.rs

@@ -103,7 +103,7 @@ pub struct Message {
 }
 
 impl Sanitize for Message {
-    fn sanitize(&self) -> std::result::Result<(), SanitizeError> {
+    fn sanitize(&self, limit_ix_accounts_simd_406: bool) -> std::result::Result<(), SanitizeError> {
         // signing area and read-only non-signing area should not overlap
         if self.header.num_required_signatures as usize
             + self.header.num_readonly_unsigned_accounts as usize
@@ -131,9 +131,9 @@ impl Sanitize for Message {
                 }
             }
         }
-        self.account_keys.sanitize()?;
-        self.recent_blockhash.sanitize()?;
-        self.instructions.sanitize()?;
+        self.account_keys.sanitize(limit_ix_accounts_simd_406)?;
+        self.recent_blockhash.sanitize(limit_ix_accounts_simd_406)?;
+        self.instructions.sanitize(limit_ix_accounts_simd_406)?;
         Ok(())
     }
 }
@@ -893,4 +893,27 @@ mod tests {
         assert!(!message5.is_writable_index(0));
         assert!(!message5.is_writable_index(1));
     }
+
+    #[test]
+    fn test_more_than_255_accounts_in_ix() {
+        let mut accounts: Vec<u8> = (0..255).collect();
+        accounts.push(5);
+        accounts.push(4);
+        let message = crate::v0::Message {
+            account_keys: vec![Address::new_unique(); 256],
+            instructions: vec![CompiledInstruction::new_from_raw_parts(
+                4,
+                Vec::new(),
+                accounts,
+            )],
+            header: MessageHeader {
+                num_required_signatures: 2,
+                num_readonly_signed_accounts: 1,
+                num_readonly_unsigned_accounts: 0,
+            },
+            ..crate::v0::Message::default()
+        };
+        let result = message.sanitize(true);
+        assert_eq!(result.err().unwrap(), SanitizeError::ValueOutOfBounds);
+    }
 }

message/src/sanitized.rs

@@ -110,8 +110,9 @@ impl SanitizedMessage {
     pub fn try_from_legacy_message(
         message: legacy::Message,
         reserved_account_keys: &HashSet<Address>,
+        limit_ix_accounts_simd_406: bool,
     ) -> Result<Self, SanitizeMessageError> {
-        message.sanitize()?;
+        message.sanitize(limit_ix_accounts_simd_406)?;
         Ok(Self::Legacy(LegacyMessage::new(
             message,
             reserved_account_keys,
@@ -456,6 +457,7 @@ mod tests {
             SanitizedMessage::try_from_legacy_message(
                 legacy_message_with_no_signers,
                 &HashSet::default(),
+                true,
             )
             .err(),
             Some(SanitizeMessageError::IndexOutOfBounds),
@@ -482,6 +484,7 @@ mod tests {
                 ..legacy::Message::default()
             },
             &HashSet::default(),
+            true,
         )
         .unwrap();
 
@@ -529,6 +532,7 @@ mod tests {
                 instructions,
             ),
             &HashSet::default(),
+            true,
         )
         .unwrap();
 
@@ -571,6 +575,7 @@ mod tests {
                 ..legacy::Message::default()
             },
             &HashSet::default(),
+            true,
         )
         .unwrap();
         match legacy_message {
@@ -655,6 +660,7 @@ mod tests {
                 ],
             ),
             &HashSet::new(),
+            true,
         )
         .unwrap();
 
@@ -688,6 +694,7 @@ mod tests {
                 ..legacy::Message::default()
             },
             &HashSet::default(),
+            true,
         )
         .unwrap();
         assert_eq!(legacy_message.static_account_keys(), &keys);

message/src/versions/mod.rs

@@ -59,10 +59,10 @@ pub enum VersionedMessage {
 }
 
 impl VersionedMessage {
-    pub fn sanitize(&self) -> Result<(), SanitizeError> {
+    pub fn sanitize(&self, limit_ix_accounts_simd_406: bool) -> Result<(), SanitizeError> {
         match self {
-            Self::Legacy(message) => message.sanitize(),
-            Self::V0(message) => message.sanitize(),
+            Self::Legacy(message) => message.sanitize(limit_ix_accounts_simd_406),
+            Self::V0(message) => message.sanitize(limit_ix_accounts_simd_406),
         }
     }
 

message/src/versions/sanitized.rs

@@ -12,13 +12,16 @@ pub struct SanitizedVersionedMessage {
 impl TryFrom<VersionedMessage> for SanitizedVersionedMessage {
     type Error = SanitizeError;
     fn try_from(message: VersionedMessage) -> Result<Self, Self::Error> {
-        Self::try_new(message)
+        Self::try_new(message, true)
     }
 }
 
 impl SanitizedVersionedMessage {
-    pub fn try_new(message: VersionedMessage) -> Result<Self, SanitizeError> {
-        message.sanitize()?;
+    pub fn try_new(
+        message: VersionedMessage,
+        limit_ix_accounts_simd_406: bool,
+    ) -> Result<Self, SanitizeError> {
+        message.sanitize(limit_ix_accounts_simd_406)?;
         Ok(Self { message })
     }
 

message/src/versions/v0/mod.rs

@@ -110,7 +110,7 @@ pub struct Message {
 
 impl Message {
     /// Sanitize message fields and compiled instruction indexes
-    pub fn sanitize(&self) -> Result<(), SanitizeError> {
+    pub fn sanitize(&self, limit_ix_accounts_simd_406: bool) -> Result<(), SanitizeError> {
         let num_static_account_keys = self.account_keys.len();
         if usize::from(self.header.num_required_signatures)
             .saturating_add(usize::from(self.header.num_readonly_unsigned_accounts))
@@ -187,6 +187,9 @@ impl Message {
                     return Err(SanitizeError::IndexOutOfBounds);
                 }
             }
+            if limit_ix_accounts_simd_406 && ci.accounts.len() > 255 {
+                return Err(SanitizeError::ValueOutOfBounds);
+            }
         }
 
         Ok(())
@@ -407,7 +410,7 @@ mod tests {
             account_keys: vec![Address::new_unique()],
             ..Message::default()
         }
-        .sanitize()
+        .sanitize(true)
         .is_ok());
     }
 
@@ -426,7 +429,7 @@ mod tests {
             }],
             ..Message::default()
         }
-        .sanitize()
+        .sanitize(true)
         .is_ok());
     }
 
@@ -445,7 +448,7 @@ mod tests {
             }],
             ..Message::default()
         }
-        .sanitize()
+        .sanitize(true)
         .is_ok());
     }
 
@@ -470,7 +473,7 @@ mod tests {
             ..Message::default()
         };
 
-        assert!(message.sanitize().is_err());
+        assert!(message.sanitize(true).is_err());
     }
 
     #[test]
@@ -493,7 +496,7 @@ mod tests {
             }],
             ..Message::default()
         }
-        .sanitize()
+        .sanitize(true)
         .is_ok());
     }
 
@@ -504,7 +507,7 @@ mod tests {
             account_keys: vec![Address::new_unique()],
             ..Message::default()
         }
-        .sanitize()
+        .sanitize(true)
         .is_err());
     }
 
@@ -519,7 +522,7 @@ mod tests {
             account_keys: vec![Address::new_unique()],
             ..Message::default()
         }
-        .sanitize()
+        .sanitize(true)
         .is_err());
     }
 
@@ -538,7 +541,7 @@ mod tests {
             }],
             ..Message::default()
         }
-        .sanitize()
+        .sanitize(true)
         .is_err());
     }
 
@@ -552,7 +555,7 @@ mod tests {
             account_keys: (0..=u8::MAX).map(|_| Address::new_unique()).collect(),
             ..Message::default()
         }
-        .sanitize()
+        .sanitize(true)
         .is_ok());
     }
 
@@ -566,7 +569,7 @@ mod tests {
             account_keys: (0..=256).map(|_| Address::new_unique()).collect(),
             ..Message::default()
         }
-        .sanitize()
+        .sanitize(true)
         .is_err());
     }
 
@@ -585,7 +588,7 @@ mod tests {
             }],
             ..Message::default()
         }
-        .sanitize()
+        .sanitize(true)
         .is_ok());
     }
 
@@ -604,7 +607,7 @@ mod tests {
             }],
             ..Message::default()
         }
-        .sanitize()
+        .sanitize(true)
         .is_err());
     }
 
@@ -629,7 +632,7 @@ mod tests {
             ..Message::default()
         };
 
-        assert!(message.sanitize().is_err());
+        assert!(message.sanitize(true).is_err());
     }
 
     #[test]
@@ -652,7 +655,7 @@ mod tests {
             }],
             ..Message::default()
         }
-        .sanitize()
+        .sanitize(true)
         .is_err());
     }
 
@@ -788,4 +791,27 @@ mod tests {
         assert!(!message.is_account_maybe_reserved(3, None));
         assert!(!message.is_account_maybe_reserved(4, None));
     }
+
+    #[test]
+    fn test_more_than_255_accounts_in_ix() {
+        let mut accounts: Vec<u8> = (0..255).collect();
+        accounts.push(5);
+        accounts.push(4);
+        let message = Message {
+            account_keys: vec![Address::new_unique(); 256],
+            instructions: vec![CompiledInstruction::new_from_raw_parts(
+                4,
+                Vec::new(),
+                accounts,
+            )],
+            header: MessageHeader {
+                num_required_signatures: 2,
+                num_readonly_signed_accounts: 1,
+                num_readonly_unsigned_accounts: 0,
+            },
+            ..Message::default()
+        };
+        let result = message.sanitize(true);
+        assert_eq!(result.err().unwrap(), SanitizeError::ValueOutOfBounds);
+    }
 }

sanitize/src/lib.rs

@@ -34,15 +34,15 @@ impl fmt::Display for SanitizeError {
 /// - All index values are in range.
 /// - All values are within their static max/min bounds.
 pub trait Sanitize {
-    fn sanitize(&self) -> Result<(), SanitizeError> {
+    fn sanitize(&self, _limit_ix_accounts_simd_406: bool) -> Result<(), SanitizeError> {
         Ok(())
     }
 }
 
 impl<T: Sanitize> Sanitize for [T] {
-    fn sanitize(&self) -> Result<(), SanitizeError> {
+    fn sanitize(&self, limit_ix_accounts_simd_406: bool) -> Result<(), SanitizeError> {
         for x in self.iter() {
-            x.sanitize()?;
+            x.sanitize(limit_ix_accounts_simd_406)?;
         }
         Ok(())
     }

sdk/benches/serialize_instructions.rs

@@ -33,6 +33,7 @@ fn bench_construct_instructions_data(b: &mut Bencher) {
     let message = SanitizedMessage::try_from_legacy_message(
         Message::new(&instructions, Some(&Pubkey::new_unique())),
         &HashSet::default(),
+        true,
     )
     .unwrap();
     b.iter(|| {
@@ -56,6 +57,7 @@ fn bench_manual_instruction_deserialize(b: &mut Bencher) {
     let message = SanitizedMessage::try_from_legacy_message(
         Message::new(&instructions, Some(&Pubkey::new_unique())),
         &HashSet::default(),
+        true,
     )
     .unwrap();
     let serialized = construct_instructions_data(&message.decompile_instructions());
@@ -73,6 +75,7 @@ fn bench_manual_instruction_deserialize_single(b: &mut Bencher) {
     let message = SanitizedMessage::try_from_legacy_message(
         Message::new(&instructions, Some(&Pubkey::new_unique())),
         &HashSet::default(),
+        true,
     )
     .unwrap();
     let serialized = construct_instructions_data(&message.decompile_instructions());