chaokunyang opened a new issue, #3419:
URL: https://github.com/apache/fory/issues/3419

   ### Feature Request
   
   Add configurable deserialization size guardrails in Fory Go for untrusted 
payloads.
   
   ### Is your feature request related to a problem? Please describe
   
   There are currently no configurable limits for payload-driven lengths. 
Untrusted string/map/list lengths can trigger large allocations and memory 
pressure.
   
   ### Describe the solution you'd like
   
   Add configurable size limits to Go deserialization and enforce them in 
list/map/string paths.
   
   Resolve task:
   - Add guardrail fields/options in `go/fory/fory.go` config (for example: max 
string bytes, max collection length, max map entries).
   - Enforce list/slice limits in `go/fory/slice.go` and 
`go/fory/slice_primitive.go`.
   - Enforce map entry limits in `go/fory/map.go` and typed map fast paths in 
`go/fory/map_primitive.go`.
   - Enforce string byte-length limits in `go/fory/string.go`.
   - Return deserialization errors when a configured limit is exceeded.
   
   ### Describe alternatives you've considered
   
   Relying only on process-level memory limits and Go runtime allocator 
behavior. This is late-failing and not protocol-aware.
   
   ### Additional context
   
   Medium: no configurable size guardrails for untrusted payloads 
(string/map/list lengths can drive large allocations).
   
   Related locations:
   - `go/fory/fory.go:52`
   - `go/fory/slice.go:267`
   - `go/fory/slice.go:301`
   - `go/fory/slice_primitive.go:1312`
   - `go/fory/map.go:308`
   - `go/fory/map_primitive.go:73`
   - `go/fory/map_primitive.go:699`
   - `go/fory/string.go:54`
   - `go/fory/string.go:96`
   - `go/fory/string.go:105`
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]
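A sketch of the kind of check the issue asks for, as an added example that is not Fory's code or part of the original message: a declared element count is validated against a configured maximum and against the bytes actually remaining before `make` is called. The names `Limits`, `ErrLimit`, `readLen` and `ReadInt32Slice`, and the wire layout (varint count followed by little-endian int32 values), are assumptions for illustration and not Fory's API or format.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Limits is a hypothetical guardrail config (not Fory's API); 0 disables a limit.
type Limits struct{ MaxCollectionLen uint64 }

var ErrLimit = errors.New("deserialization limit exceeded") // declared length above the maximum

// readLen decodes a varint length prefix and validates it before any allocation.
func readLen(buf []byte, max, elemSize uint64) (uint64, []byte, error) {
	n, used := binary.Uvarint(buf)
	if used <= 0 {
		return 0, nil, errors.New("truncated or malformed length prefix")
	}
	rest := buf[used:]
	if max != 0 && n > max {
		return 0, nil, fmt.Errorf("%w: declared %d, max %d", ErrLimit, n, max)
	}
	// Protocol-aware check (division avoids overflow): n elements need n*elemSize bytes.
	if n > uint64(len(rest))/elemSize {
		return 0, nil, fmt.Errorf("declared %d elements, only %d bytes left", n, len(rest))
	}
	return n, rest, nil
}

// ReadInt32Slice reads a varint element count followed by little-endian int32s.
func ReadInt32Slice(buf []byte, lim Limits) ([]int32, error) {
	n, rest, err := readLen(buf, lim.MaxCollectionLen, 4)
	if err != nil {
		return nil, err
	}
	out := make([]int32, n) // n is now bounded by both the limit and the input size
	for i := range out {
		out[i] = int32(binary.LittleEndian.Uint32(rest[4*i:]))
	}
	return out, nil
}

func main() {
	// Constructed payload: claims 1<<40 elements but carries only 4 bytes.
	hostile := append(binary.AppendUvarint(nil, 1<<40), 1, 0, 0, 0)
	_, err := ReadInt32Slice(hostile, Limits{MaxCollectionLen: 1 << 20})
	fmt.Println(err)
}
```
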