From fd596aac56f6e2254b803fce4d9d11278e839f61 Mon Sep 17 00:00:00 2001
From: marcello33
Date: Tue, 10 Oct 2023 12:17:10 +0200
Subject: [PATCH] dev: chg: solve codeQL high vulns
---
 accounts/usbwallet/trezor.go | 9 ++++++++-
 core/vm/contract.go | 8 ++++++--
 log/logger.go | 9 +++++++++
 p2p/enode/localnode.go | 8 ++++++--
 4 files changed, 29 insertions(+), 5 deletions(-)
diff --git a/accounts/usbwallet/trezor.go b/accounts/usbwallet/trezor.go
index 0201048ebd..8bf4b6817e 100644
--- a/accounts/usbwallet/trezor.go
+++ b/accounts/usbwallet/trezor.go
@@ -306,7 +306,14 @@ func (w *trezorDriver) trezorExchange(req proto.Message, results ...proto.Messag
 return 0, err
 }
- payload := make([]byte, 8+len(data))
+ var payload []byte
+
+ if 8+len(data) > 64*1024*1024 {
+ payload = make([]byte, 0)
+ } else {
+ payload = make([]byte, 8+len(data))
+ }
+
 copy(payload, []byte{0x23, 0x23})
 binary.BigEndian.PutUint16(payload[2:], trezor.Type(req))
 binary.BigEndian.PutUint32(payload[4:], uint32(len(data)))
diff --git a/core/vm/contract.go b/core/vm/contract.go
index 811f5b7816..3d4f249eda 100644
--- a/core/vm/contract.go
+++ b/core/vm/contract.go
@@ -17,6 +17,7 @@ package vm
 import (
+ "math"
 "math/big"
 "github.com/ethereum/go-ethereum/common"
@@ -146,8 +147,11 @@ func (c *Contract) AsDelegate() *Contract {
 // GetOp returns the n'th element in the contract's byte array
 func (c *Contract) GetOp(n uint64) OpCode {
- if n < uint64(len(c.Code)) {
- return OpCode(c.Code[n])
+ if n > 0 && n <= math.MaxUint16 {
+ if n < uint64(len(c.Code)) {
+ return OpCode(c.Code[n])
+ }
+ }
 return STOP
diff --git a/log/logger.go b/log/logger.go
index 4e4bc6e6ce..bc7399f921 100644
--- a/log/logger.go
+++ b/log/logger.go
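Review bot: The oversize branch `payload = make([]byte, 0)` in trezorExchange does not bail out, so execution falls through to `binary.BigEndian.PutUint16(payload[2:], ...)` two lines below, and slicing a zero-length slice at [2:] panics — the guard trades a large allocation for a crash. The surrounding code already returns `(0, err)` on failure, so reject the message instead: `if len(data) > 64*1024*1024 { return 0, errors.New("trezor: message too large") }` (or the `fmt.Errorf` form, whichever package the file already imports), which also keeps the `uint32(len(data))` conversion on the last visible line from truncating. `data` is the request this process marshalled rather than bytes read from the device, so the 64 MiB ceiling looks like a CodeQL-driven bound; a one-line comment saying so would stop the next reader from hunting for a protocol limit. trezorExchange begins and ends outside the hunk.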
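Review bot: The new outer condition `n > 0` in GetOp rejects index 0, so `GetOp(0)` now returns STOP even when `c.Code` is non-empty, and `n <= math.MaxUint16` masks every opcode past byte 65535 of any code object that large; the original `n < uint64(len(c.Code))` comparison was already a complete bounds check, and it cannot overflow since both sides are uint64. If the interpreter fetches the opcode at the program counter through this method (the caller is not visible here), contracts would halt on their first instruction, which is a consensus-level behaviour change rather than a hardening. The outer if should be removed and the original body restored: `if n < uint64(len(c.Code)) { return OpCode(c.Code[n]) }`. The rest of GetOp's body runs past the visible hunk lines.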
@@ -215,6 +215,11 @@ func (l *logger) New(ctx ...interface{}) Logger {
 func newContext(prefix []interface{}, suffix []interface{}) []interface{} {
 normalizedSuffix := normalize(suffix)
+
+ if len(prefix)+len(normalizedSuffix) > 64*1024*1024 {
+ return make([]interface{}, 0)
+ }
+
 newCtx := make([]interface{}, len(prefix)+len(normalizedSuffix))
 n := copy(newCtx, prefix)
 copy(newCtx[n:], normalizedSuffix)
@@ -326,6 +331,10 @@ type Lazy struct {
 type Ctx map[string]interface{}
 func (c Ctx) toArray() []interface{} {
+ if len(c)*2 > 64*1024*1024 {
+ return make([]interface{}, 0)
+ }
+
 arr := make([]interface{}, len(c)*2)
 i := 0
diff --git a/p2p/enode/localnode.go b/p2p/enode/localnode.go
index 675350907e..66a56ad4e9 100644
--- a/p2p/enode/localnode.go
+++ b/p2p/enode/localnode.go
@@ -19,6 +19,7 @@ package enode
 import (
 "crypto/ecdsa"
 "fmt"
+ "math"
 "net"
 "reflect"
 "strconv"
@@ -211,8 +212,11 @@ func (ln *LocalNode) SetFallbackUDP(port int) {
 ln.mu.Lock()
 defer ln.mu.Unlock()
- ln.endpoint4.fallbackUDP = uint16(port)
- ln.endpoint6.fallbackUDP = uint16(port)
+ if port > 0 && port <= math.MaxUint16 {
+ ln.endpoint4.fallbackUDP = uint16(port)
+ ln.endpoint6.fallbackUDP = uint16(port)
+ }
+
 ln.updateEndpoints()
 }
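Review bot: When the guard `len(prefix)+len(normalizedSuffix) > 64*1024*1024` in newContext trips, the function silently returns an empty context, so every key/value pair of the logger would vanish from subsequent log lines with no error or warning. Both operands are slice lengths already held in memory, so in practice the condition cannot be reached; this reads as a guard added to satisfy CodeQL's allocation-size check and should say so, e.g. `// Cap the allocation to satisfy CodeQL's size-computation check; both lengths are bounded by memory already, so this is not expected to trigger.` If the early return is kept, returning `prefix` rather than an empty slice would at least preserve the context the logger already carries. newContext's return statement lies outside the hunk.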
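Review bot: The same silent-drop pattern appears in Ctx.toArray: when `len(c)*2 > 64*1024*1024` the method returns an empty slice, so a caller formatting that Ctx would see all of its fields disappear without any signal. `len(c)` is a map size already resident in memory, so the branch is effectively unreachable and exists to placate the analyzer; a comment such as `// Bound added for CodeQL's size-computation check; a map this large cannot exist in practice.` would make that intent clear. toArray's loop body and return continue past the hunk.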
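Review bot: The range check `port > 0 && port <= math.MaxUint16` in SetFallbackUDP silently ignores out-of-range values, leaving the previous fallback port in place with no error or log, and it also rejects 0, which the original assignment `uint16(port)` accepted — so a caller can no longer clear the fallback port. Unless 0 is deliberately invalid here, the lower bound should be `port >= 0`, and the doc comment on SetFallbackUDP (outside the hunk) should state that values outside 0..65535 are ignored so callers know a silent no-op is possible. Keeping `ln.updateEndpoints()` unconditional is fine, since the stored endpoints remain consistent either way.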