The GitHub Actions job "Fory CI" on fory.git/fix-fory-inputstream-quadratic-growth has failed. Run started by GitHub user temni (triggered by temni).
Head commit for run: 8004948f363dad206fde8f7de5da414bfda4adce / Evgeniy Kirichenko <[email protected]> perf(java): avoid quadratic buffer growth in stream deserialization ForyInputStream.fillBuffer and ForyReadableChannel.fillBuffer grew the internal buffer to the exact target size: the available()-verified fast path allocated exactly targetSize, and the fallback nextBufferSize was capped with Math.min(grown, targetSize). Since the stream buffer accumulates the whole payload during one deserialize() call, the buffer was always exactly full after a fill, so every small read (for example readByte -> fillBuffer(1)) reallocated and copied the entire buffer. Stream deserialization was O(n^2) overall and multi-MB payloads appeared to hang at 100% CPU inside growBuffer. Grow by at least a doubling step instead: the verified fast path grows to max(targetSize, 2 * capacity), and the fallback doubles without the targetSize cap. Allocation on the unverified path stays bounded by roughly twice the bytes actually received, so truncated or hostile streams still fail before large buffers are reserved. Also align ForyReadableChannel.nextBufferSize's clamp with ForyInputStream (Integer.MAX_VALUE - 8) and update the stream-fill growth guidance in docs/security/deserialization.md to match. Co-Authored-By: Claude Fable 5 <[email protected]> Claude-Session: https://claude.ai/code/session_01EnqiU1ARyovGifhbfLkCfz Report URL: https://github.com/apache/fory/actions/runs/28584189452 With regards, GitHub Actions via GitBox --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
