shivendra-dev54 opened a new pull request, #3455: URL: https://github.com/apache/fory/pull/3455
## Why?

We currently don't have any size limits for incoming payloads in the C++ implementation. This is a security risk because a malicious or malformed payload can claim to have a massive collection or binary length, forcing the system to pre-allocate gigabytes of memory (via `.reserve()` or constructors) before actually reading the data. This makes the system vulnerable to simple Out-of-Memory (OOM) Denial-of-Service attacks.

## What does this PR do?

This PR adds two essential security guardrails to the deserialization path: `max_binary_size` and `max_collection_size`.

**Changes included:**

* **Config & API**: Added the two new limits to `serialization::Config` and updated `ForyBuilder` so users can easily set these at runtime. Defaults are 64MB for binary and 1M entries for collections.
* **Security Enforcement**:
  * Integrated checks into all sensitive pre-allocation paths, including `std::vector`, `std::list`, `std::deque`, `std::set`, and `std::unordered_set`.
  * Added entry-count validation for Maps (both fast and slow paths).
  * Specifically handled arithmetic vectors by converting byte-lengths to element counts to ensure `max_collection_size` is respected.
* **Context Access**: Exposed a public `config()` accessor in `ReadContext` and `WriteContext` so internal serializers can reach these settings.
* **Tests**: Added new test cases in `collection_serializer_test.cc` and `map_serializer_test.cc` to verify that deserialization fails immediately with a descriptive error when limits are exceeded.

## Related issues

Fixes #3408

## Does this PR introduce any user-facing change?

Yes, it adds two new methods (`max_binary_size` and `max_collection_size`) to the `ForyBuilder`.

* [x] Does this PR introduce any public API change?
* [ ] Does this PR introduce any binary protocol compatibility change?

## Benchmark

The performance impact is negligible. The checks are simple integer comparisons performed once per collection/binary read, occurring right before the expensive allocation phase. All 30 existing C++ test targets pass with no measurable change in execution time.
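Added example, not code from the fory PR: a hypothetical C++ sketch of the guardrail described above for arithmetic vectors, converting the wire byte length to an element count and checking it against `max_collection_size` before the vector is allocated. `Config`, `Reader`, `check_limit` and the sample header are constructed for this illustration and are not the project's own types.

```cpp
#include <cstdint>
#include <cstring>
#include <stdexcept>
#include <string>
#include <vector>

// Hypothetical stand-in for the two limits the PR adds to serialization::Config.
struct Config {
  size_t max_binary_size = 64u * 1024 * 1024;  // 64MB default
  size_t max_collection_size = 1000000;        // 1M entries default
};

// Minimal host-endian buffer reader, constructed for this example.
struct Reader {
  const uint8_t* data; size_t len; size_t pos = 0;
  uint32_t read_u32() {
    if (len - pos < 4) throw std::runtime_error("truncated length prefix");
    uint32_t v; std::memcpy(&v, data + pos, 4); pos += 4; return v;
  }
};

// Guard before any reserve()/constructor: fail fast instead of allocating an attacker-chosen size.
inline void check_limit(size_t claimed, size_t limit, const char* what) {
  if (claimed > limit)
    throw std::runtime_error(std::string(what) + " size " + std::to_string(claimed) +
                             " exceeds limit " + std::to_string(limit));
}

// Arithmetic vector: convert the wire byte length to an element count before checking max_collection_size.
std::vector<int32_t> read_int32_vector(Reader& r, const Config& cfg) {
  uint32_t byte_len = r.read_u32();
  if (byte_len % sizeof(int32_t) != 0) throw std::runtime_error("misaligned int32 payload");
  size_t count = byte_len / sizeof(int32_t);
  check_limit(count, cfg.max_collection_size, "collection");
  if (r.len - r.pos < byte_len) throw std::runtime_error("truncated int32 payload");
  std::vector<int32_t> out(count);  // allocation happens only after both checks pass
  std::memcpy(out.data(), r.data + r.pos, byte_len);
  r.pos += byte_len;
  return out;
}

// Constructed hostile header: claims ~1G elements with no payload; true if refused before allocating.
bool rejects_oversized_header() {
  const uint32_t claimed = 0xFFFFFFF0u;
  uint8_t buf[4]; std::memcpy(buf, &claimed, sizeof buf);
  Reader r{buf, sizeof buf};
  try { read_int32_vector(r, Config{}); return false; }
  catch (const std::runtime_error& e) { return std::string(e.what()).find("exceeds") != std::string::npos; }
}
```

The same `check_limit` call, applied to the raw byte length against `max_binary_size`, covers the binary path; the vector case is shown because the byte-to-element conversion is the step that is easy to get wrong.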
