From 371e078feb5a891b856842e7bb791de20a1050db Mon Sep 17 00:00:00 2001
From: Krisztian Kovacs <krisztian@equilibrium.co>
Date: Thu, 9 Jan 2025 15:55:39 +0100
Subject: [PATCH 1/3] fix(p2p,rpc): limit Cairo 0 class definition size

Make sure the uncompressed size of Cairo 0 class definitions does not
exceed our limit of 4 MiB.

Closes #2471
---
 crates/common/src/class_definition.rs | 2 ++
 crates/p2p/src/client/conv.rs         | 4 ++--
 crates/rpc/src/types/class.rs         | 3 ++-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/crates/common/src/class_definition.rs b/crates/common/src/class_definition.rs
index e6e8c35b29..665c5466ea 100644
--- a/crates/common/src/class_definition.rs
+++ b/crates/common/src/class_definition.rs
@@ -10,6 +10,8 @@ use serde_with::serde_as;
 
 use crate::{ByteCodeOffset, EntryPoint};
 
+pub const CLASS_DEFINITION_MAX_ALLOWED_SIZE: u64 = 4 * 1024 * 1024;
+
 #[derive(Debug, Deserialize, Dummy)]
 pub enum ClassDefinition<'a> {
     Sierra(Sierra<'a>),
diff --git a/crates/p2p/src/client/conv.rs b/crates/p2p/src/client/conv.rs
index 43f104915a..1e439cd77b 100644
--- a/crates/p2p/src/client/conv.rs
+++ b/crates/p2p/src/client/conv.rs
@@ -909,10 +909,10 @@ impl TryFromDto<p2p_proto::class::Cairo0Class> for CairoDefinition {
         let abi = dto.abi;
 
         let compressed_program = base64::decode(dto.program)?;
-        let mut gzip_decoder =
-            flate2::read::GzDecoder::new(std::io::Cursor::new(compressed_program));
+        let gzip_decoder = flate2::read::GzDecoder::new(std::io::Cursor::new(compressed_program));
         let mut program = Vec::new();
         gzip_decoder
+            .take(pathfinder_common::class_definition::CLASS_DEFINITION_MAX_ALLOWED_SIZE)
             .read_to_end(&mut program)
             .context("Decompressing program JSON")?;
 
diff --git a/crates/rpc/src/types/class.rs b/crates/rpc/src/types/class.rs
index ef2efa3849..74a72226a0 100644
--- a/crates/rpc/src/types/class.rs
+++ b/crates/rpc/src/types/class.rs
@@ -223,10 +223,11 @@ impl CairoContractClass {
 
     pub fn serialize_to_json(&self) -> anyhow::Result<Vec<u8>> {
         // decode program
-        let mut decompressor =
+        let decompressor =
             flate2::read::GzDecoder::new(Cursor::new(base64::decode(&self.program).unwrap()));
         let mut program = Vec::new();
         decompressor
+            .take(pathfinder_common::class_definition::CLASS_DEFINITION_MAX_ALLOWED_SIZE)
             .read_to_end(&mut program)
             .context("Decompressing program")?;
 

From 56641bc5ce70f91ce1c1db00cfbf210c957b5b3a Mon Sep 17 00:00:00 2001
From: Krisztian Kovacs <krisztian@equilibrium.co>
Date: Thu, 9 Jan 2025 15:58:12 +0100
Subject: [PATCH 2/3] chore: update CHANGELOG

---
 CHANGELOG.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 845cbbfba7..46e36d58d0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,12 @@ More expansive patch notes and explanations may be found in the specific [pathfi
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## Unreleased
+
+### Changed
+
+- Cairo 0 class definition size is now capped at 4 MiB.
+
 ## [0.15.2] - 2024-12-04
 
 ### Fixed

From a03fcb8ca871875ff33db58bb8e52ea0091f3107 Mon Sep 17 00:00:00 2001
From: Krisztian Kovacs <krisztian@equilibrium.co>
Date: Fri, 10 Jan 2025 13:53:49 +0100
Subject: [PATCH 3/3] chore: bump version to 0.15.3

---
 CHANGELOG.md                |  2 +-
 Cargo.lock                  | 46 ++++++++++++++++++-------------------
 Cargo.toml                  |  2 +-
 crates/load-test/Cargo.lock |  2 +-
 4 files changed, 26 insertions(+), 26 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 46e36d58d0..14228a6a92 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,7 +7,7 @@ More expansive patch notes and explanations may be found in the specific [pathfi
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## Unreleased
+## [0.15.3] - 2025-01-10
 
 ### Changed
 
diff --git a/Cargo.lock b/Cargo.lock
index 434a38a1c3..e0f56c4367 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -4809,7 +4809,7 @@ checksum = "42012b0f064e01aa58b545fe3727f90f7dd4020f4a3ea735b50344965f5a57e9"
 
 [[package]]
 name = "gateway-test-utils"
-version = "0.15.2"
+version = "0.15.3"
 dependencies = [
  "reqwest",
  "serde_json",
@@ -6538,7 +6538,7 @@ dependencies = [
 
 [[package]]
 name = "make-stream"
-version = "0.15.2"
+version = "0.15.3"
 dependencies = [
  "tokio",
  "tokio-stream",
@@ -7139,7 +7139,7 @@ checksum = "b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39"
 
 [[package]]
 name = "p2p"
-version = "0.15.2"
+version = "0.15.3"
 dependencies = [
  "anyhow",
  "async-trait",
@@ -7180,7 +7180,7 @@ dependencies = [
 
 [[package]]
 name = "p2p_proto"
-version = "0.15.2"
+version = "0.15.3"
 dependencies = [
  "anyhow",
  "fake",
@@ -7201,7 +7201,7 @@ dependencies = [
 
 [[package]]
 name = "p2p_proto_derive"
-version = "0.15.2"
+version = "0.15.3"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -7210,7 +7210,7 @@ dependencies = [
 
 [[package]]
 name = "p2p_stream"
-version = "0.15.2"
+version = "0.15.3"
 dependencies = [
  "anyhow",
  "async-trait",
@@ -7339,7 +7339,7 @@ checksum = "17359afc20d7ab31fdb42bb844c8b3bb1dabd7dcf7e68428492da7f16966fcef"
 
 [[package]]
 name = "pathfinder"
-version = "0.15.2"
+version = "0.15.3"
 dependencies = [
  "anyhow",
  "assert_matches",
@@ -7407,7 +7407,7 @@ dependencies = [
 
 [[package]]
 name = "pathfinder-block-hashes"
-version = "0.15.2"
+version = "0.15.3"
 dependencies = [
  "pathfinder-common",
  "pathfinder-crypto",
@@ -7415,7 +7415,7 @@ dependencies = [
 
 [[package]]
 name = "pathfinder-common"
-version = "0.15.2"
+version = "0.15.3"
 dependencies = [
  "anyhow",
  "bitvec",
@@ -7440,7 +7440,7 @@ dependencies = [
 
 [[package]]
 name = "pathfinder-compiler"
-version = "0.15.2"
+version = "0.15.3"
 dependencies = [
  "anyhow",
  "cairo-lang-starknet 1.0.0-alpha.6",
@@ -7461,7 +7461,7 @@ dependencies = [
 
 [[package]]
 name = "pathfinder-crypto"
-version = "0.15.2"
+version = "0.15.3"
 dependencies = [
  "ark-ff 0.5.0",
  "assert_matches",
@@ -7478,7 +7478,7 @@ dependencies = [
 
 [[package]]
 name = "pathfinder-ethereum"
-version = "0.15.2"
+version = "0.15.3"
 dependencies = [
  "alloy",
  "anyhow",
@@ -7498,7 +7498,7 @@ dependencies = [
 
 [[package]]
 name = "pathfinder-executor"
-version = "0.15.2"
+version = "0.15.3"
 dependencies = [
  "anyhow",
  "blockifier",
@@ -7518,7 +7518,7 @@ dependencies = [
 
 [[package]]
 name = "pathfinder-merkle-tree"
-version = "0.15.2"
+version = "0.15.3"
 dependencies = [
  "anyhow",
  "bitvec",
@@ -7534,7 +7534,7 @@ dependencies = [
 
 [[package]]
 name = "pathfinder-retry"
-version = "0.15.2"
+version = "0.15.3"
 dependencies = [
  "tokio",
  "tokio-retry",
@@ -7542,7 +7542,7 @@ dependencies = [
 
 [[package]]
 name = "pathfinder-rpc"
-version = "0.15.2"
+version = "0.15.3"
 dependencies = [
  "anyhow",
  "assert_matches",
@@ -7595,7 +7595,7 @@ dependencies = [
 
 [[package]]
 name = "pathfinder-serde"
-version = "0.15.2"
+version = "0.15.3"
 dependencies = [
  "anyhow",
  "num-bigint 0.4.6",
@@ -7610,7 +7610,7 @@ dependencies = [
 
 [[package]]
 name = "pathfinder-storage"
-version = "0.15.2"
+version = "0.15.3"
 dependencies = [
  "anyhow",
  "assert_matches",
@@ -9455,7 +9455,7 @@ dependencies = [
 
 [[package]]
 name = "starknet-gateway-client"
-version = "0.15.2"
+version = "0.15.3"
 dependencies = [
  "anyhow",
  "assert_matches",
@@ -9488,7 +9488,7 @@ dependencies = [
 
 [[package]]
 name = "starknet-gateway-test-fixtures"
-version = "0.15.2"
+version = "0.15.3"
 dependencies = [
  "pathfinder-common",
  "pathfinder-crypto",
@@ -9496,7 +9496,7 @@ dependencies = [
 
 [[package]]
 name = "starknet-gateway-types"
-version = "0.15.2"
+version = "0.15.3"
 dependencies = [
  "anyhow",
  "assert_matches",
@@ -9735,7 +9735,7 @@ dependencies = [
 
 [[package]]
 name = "tagged"
-version = "0.15.2"
+version = "0.15.3"
 dependencies = [
  "fake",
  "pretty_assertions_sorted",
@@ -9744,7 +9744,7 @@ dependencies = [
 
 [[package]]
 name = "tagged-debug-derive"
-version = "0.15.2"
+version = "0.15.3"
 dependencies = [
  "proc-macro2",
  "quote",
diff --git a/Cargo.toml b/Cargo.toml
index 5e4c82e1c0..dab666ae5a 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -43,7 +43,7 @@ lto = true
 opt-level = 3
 
 [workspace.package]
-version = "0.15.2"
+version = "0.15.3"
 edition = "2021"
 license = "MIT OR Apache-2.0"
 rust-version = "1.80"
diff --git a/crates/load-test/Cargo.lock b/crates/load-test/Cargo.lock
index 8cdb69a37a..e8c0a54982 100644
--- a/crates/load-test/Cargo.lock
+++ b/crates/load-test/Cargo.lock
@@ -976,7 +976,7 @@ dependencies = [
 
 [[package]]
 name = "pathfinder-crypto"
-version = "0.15.2"
+version = "0.15.3"
 dependencies = [
  "bitvec",
  "fake",