The GitHub Actions job "Fory CI" on fory.git/main has succeeded.
Run started by GitHub user chaokunyang (triggered by chaokunyang).

Head commit for run:
e55c508260ba0b7c1cb75079c300b2ceb225bdc2 / Ayush Kumar <[email protected]>
feat(javascript): add configurable size guardrails (#3539)

## Why?

Untrusted binary/map/list lengths can trigger extremely large, uncontrolled memory allocations during deserialization. Relying on process-level memory limits is late-failing and risks heap exhaustion or OOM crashes from malicious payloads.

## What does this PR do?

Adds configurable size guardrails to the Fory JavaScript library, checked immediately after the wire length is read to reject malformed payloads before any heavy allocation happens.

### 1. type.ts

Added optional `maxBinarySize` and `maxCollectionSize` fields to the Config interface

### 2. fory.ts

Added default limits (1,000,000 for collection, 64 MiB for binary) and added `checkCollectionSize` and `checkBinarySize` validation methods.

### 3. typedArray.ts

Injected guard checks into the codegen and runtime read paths before arrays, maps, and buffers are allocated.

### 4. sizeLimit.test.ts

Added a new test file validating limit boundaries, default thresholds, fallback typing, and polymorphism across all collection and binary read paths.

## Related issues

Closes #3414

## AI Contribution Checklist

- [No] Substantial AI assistance was used in this PR: `yes` / `no`
- [No] If `yes`, I included a completed [AI Contribution Checklist](https://github.com/apache/fory/blob/main/AI_POLICY.md#9-contributor-checklist-for-ai-assisted-prs) in this PR description and the required `AI Usage Disclosure`.

## Does this PR introduce any user-facing change?

- [x] Does this PR introduce any public API change? (Yes, adds optional `maxBinarySize` and `maxCollectionSize` fields to the configuration.)
- [ ] Does this PR introduce any binary protocol compatibility change?

## Benchmark

N/A

Report URL: https://github.com/apache/fory/actions/runs/24188192242

With regards,
GitHub Actions via GitBox
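
The pattern the commit message describes, checking a declared length against a configured limit before anything is allocated, shown as an added example that is not code from the Fory project or from this commit. The option and method names (`maxBinarySize`, `maxCollectionSize`, `checkBinarySize`, `checkCollectionSize`) and the default values come from the message above; the `GuardedReader` class, the 4-byte little-endian framing, `HOSTILE` and `rejects` are assumptions made for illustration and are not Fory's wire format.

```javascript
// Added example, not Fory's code or wire format. Constructed framing:
// a 4-byte little-endian length, then that many payload bytes.
const DEFAULTS = { maxBinarySize: 64 * 1024 * 1024, maxCollectionSize: 1_000_000 };

class GuardedReader {
  constructor(bytes, config = {}) {
    this.bytes = bytes;
    this.view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
    this.pos = 0;
    this.limits = { ...DEFAULTS, ...config };
  }
  remaining() { return this.bytes.byteLength - this.pos; }
  readLength() {
    if (this.remaining() < 4) throw new RangeError("truncated length prefix");
    const n = this.view.getUint32(this.pos, true);
    this.pos += 4;
    return n;
  }
  checkBinarySize(n) {
    if (n > this.limits.maxBinarySize)
      throw new RangeError(`binary size ${n} exceeds maxBinarySize`);
  }
  checkCollectionSize(n) {
    if (n > this.limits.maxCollectionSize)
      throw new RangeError(`collection size ${n} exceeds maxCollectionSize`);
  }
  readBinary() {
    const n = this.readLength();
    this.checkBinarySize(n); // policy check first, before any allocation
    if (n > this.remaining()) throw new RangeError("binary length exceeds input");
    const out = this.bytes.slice(this.pos, this.pos + n);
    this.pos += n;
    return out;
  }
  readBinaryList() {
    const n = this.readLength();
    this.checkCollectionSize(n);
    // Extra check beyond the configured limit: each element needs a 4-byte prefix.
    if (n * 4 > this.remaining()) throw new RangeError("list count exceeds input");
    const out = new Array(n);
    for (let i = 0; i < n; i++) out[i] = this.readBinary();
    return out;
  }
}

// Constructed hostile input: a header declaring 0xFFFFFFFF bytes with no payload.
const HOSTILE = Uint8Array.of(0xff, 0xff, 0xff, 0xff);
// Returns the error message if fn throws, or "" if it succeeds.
function rejects(fn) { try { fn(); return ""; } catch (e) { return e.message; } }
```
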
