@Villaquiranm
Contributor

fix: https://github.com/gnolang/gno/security/advisories/GHSA-m7rp-96x5-hvpx

proposition

Two main modifications to the ComputeMapKey function:

  • The function now charges a fixed amount of gas each time we enter it. This can be justified because some mapKeys could call the function recursively and several times. Example: if the user chooses a slice as a key, the function will be called for each element of said slice.
  • The function now calls Allocate for the copied bytes in the case we receive a slice of bytes.
```go
store.GetAllocator().Allocate(int64(len(av.Data)))
bz = append(bz, av.Data...)
```

We can see in the benchmarks how gas increases depending on the length of the slice (BenchmarkComputeMapKey_Bytes). This gas increase comes entirely from the Allocator.Allocate().

On the other side we have the benchmarks of BenchmarkComputeMapKey_IntArray; this, as explained before, is a slice of integer values. For each element of the array the function is called recursively, and so the gas of this benchmark comes from charging a fixed amount for each call (10 gas). This value should still be fine-tuned.

GnoVM values benchmarks (before/after)

Environment:

  • before: bench-results/values_bench_20260207_175820.txt
  • after: bench-results/values_bench_20260207_175849.txt
  • goos/goarch: darwin/arm64
  • cpu: Apple M2
  • pkg: github.com/gnolang/gno/gnovm/pkg/gnolang

| Benchmark | ns/op (before) | ns/op (after) | gas/op (before) | gas/op (after) |
|---|---|---|---|---|
| BenchmarkComputeMapKey_Int-8 | 32.04 | 32.98 | 0.00 | 10.00 |
| BenchmarkComputeMapKey_String-8 | 25.78 | 27.06 | 0.00 | 10.00 |
| BenchmarkComputeMapKey_Bytes/len=0-8 | 20.39 | 22.51 | 0.00 | 10.00 |
| BenchmarkComputeMapKey_Bytes/len=8-8 | 20.47 | 24.34 | 0.00 | 18.00 |
| BenchmarkComputeMapKey_Bytes/len=32-8 | 23.54 | 28.05 | 0.00 | 42.00 |
| BenchmarkComputeMapKey_Bytes/len=128-8 | 58.83 | 65.37 | 0.00 | 138.00 |
| BenchmarkComputeMapKey_Bytes/len=1024-8 | 297.70 | 304.50 | 0.00 | 1034.00 |
| BenchmarkComputeMapKey_Bytes/len=1048576-8 | 186266.00 | 182311.00 | 0.00 | 1048586.00 |
| BenchmarkComputeMapKey_Bytes/len=16777216-8 | 1200526.00 | 1060486.00 | 0.00 | 16777226.00 |
| BenchmarkComputeMapKey_IntArray/len=0-8 | 20.71 | 22.38 | 0.00 | 10.00 |
| BenchmarkComputeMapKey_IntArray/len=8-8 | 306.10 | 297.90 | 0.00 | 90.00 |
| BenchmarkComputeMapKey_IntArray/len=32-8 | 1127.00 | 1172.00 | 0.00 | 330.00 |
| BenchmarkComputeMapKey_IntArray/len=1024-8 | 34577.00 | 36477.00 | 0.00 | 10250.00 |
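
A simplified model of the gas accounting described in the PR above, added here as an example and not taken from gno's code. It assumes 10 gas per call and 1 gas per allocated byte, which is what the benchmark figures imply; `meter` and `keyGas` are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
)

// Assumed constants: Bytes/len=8 costs 18 and IntArray/len=8 costs 90 in the
// benchmark figures, i.e. 10 per call plus 1 per byte copied.
const (
	gasPerCall = 10
	gasPerByte = 1
)

var errOutOfGas = errors.New("out of gas")

// meter is a hypothetical stand-in for the VM's gas meter and allocator.
type meter struct{ used, limit int64 }

func (m *meter) charge(n int64) error {
	if m.used+n > m.limit {
		return errOutOfGas // refuse before any work is done
	}
	m.used += n
	return nil
}

// keyGas walks a map key as the PR describes: a fixed charge on entry, a
// per-byte charge before a []byte is copied, and one recursive call per
// element of an integer array.
func keyGas(m *meter, key interface{}) error {
	if err := m.charge(gasPerCall); err != nil {
		return err
	}
	switch k := key.(type) {
	case []byte:
		return m.charge(gasPerByte * int64(len(k)))
	case []int:
		for _, e := range k {
			if err := keyGas(m, e); err != nil {
				return err // stop at the first element over the limit
			}
		}
	}
	return nil
}

func main() {
	m := &meter{limit: 1000000}
	err := keyGas(m, make([]byte, 16777216)) // constructed 16 MiB key
	fmt.Println(err, m.used)
}
```

With a finite limit, the oversized byte key is rejected after only the entry charge, before the model would copy anything.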

@Gno2D2
Collaborator

Gno2D2 commented Feb 7, 2026

🛠 PR Checks Summary

All Automated Checks passed. ✅

Manual Checks (for Reviewers):
  • IGNORE the bot requirements for this PR (force green CI check)

🤖 This bot helps streamline PR reviews by verifying automated checks and providing guidance for contributors and reviewers.

✅ Automated Checks (for Contributors):

🟢 Maintainers must be able to edit this pull request (more info)
🟢 Pending initial approval by a review team member, or review from tech-staff

☑️ Contributor Actions:
  1. Fix any issues flagged by automated checks.
  2. Follow the Contributor Checklist to ensure your PR is ready for review.
    • Add new tests, or document why they are unnecessary.
    • Provide clear examples/screenshots, if necessary.
    • Update documentation, if required.
    • Ensure no breaking changes, or include BREAKING CHANGE notes.
    • Link related issues/PRs, where applicable.
☑️ Reviewer Actions:
  1. Complete manual checks for the PR, including the guidelines and additional checks if applicable.
📚 Resources:
Debug
Automated Checks
Maintainers must be able to edit this pull request (more info)

If

🟢 Condition met
└── 🟢 And
    ├── 🟢 The base branch matches this pattern: ^master$
    └── 🟢 The pull request was created from a fork (head branch repo: Villaquiranm/gno)

Then

🟢 Requirement satisfied
└── 🟢 Maintainer can modify this pull request

Pending initial approval by a review team member, or review from tech-staff

If

🟢 Condition met
└── 🟢 And
    ├── 🟢 The base branch matches this pattern: ^master$
    └── 🟢 Not (🔴 Pull request author is a member of the team: tech-staff)

Then

🟢 Requirement satisfied
└── 🟢 If
    ├── 🟢 Condition
    │   └── 🟢 Or
    │       ├── 🔴 At least one of these user(s) reviewed the pull request: [jefft0 notJoon omarsy MikaelVallenet] (with state "APPROVED")
    │       ├── 🔴 At least 1 user(s) of the team tech-staff reviewed pull request
    │       └── 🟢 This pull request is a draft
    └── 🟢 Then
        └── 🟢 Not (🔴 This label is applied to pull request: review/triage-pending)

Manual Checks
**IGNORE** the bot requirements for this PR (force green CI check)

If

🟢 Condition met
└── 🟢 On every pull request

Can be checked by

  • Any user with comment edit permission

@codecov

codecov bot commented Feb 7, 2026

Codecov Report

❌ Patch coverage is 75.00000% with 1 line in your changes missing coverage. Please review.

| Files with missing lines | Patch % | Lines |
|---|---|---|
| gnovm/pkg/gnolang/values.go | 50.00% | 1 Missing ⚠️ |

📢 Thoughts on this report? Let us know!


Labels

📦 🤖 gnovm Issues or PRs gnovm related
