The GitHub Actions job "Fory CI" on 
fory.git/fix-fory-inputstream-quadratic-growth has failed.
Run started by GitHub user temni (triggered by chaokunyang).

Head commit for run:
e89c7a7a8c69eea2122057e016093adbf96515a9 / Evgeniy Kirichenko 
<[email protected]>
perf(java): avoid quadratic buffer growth in stream deserialization

ForyInputStream.fillBuffer and ForyReadableChannel.fillBuffer grew the
internal buffer to the exact target size: the available()-verified fast
path allocated exactly targetSize, and the fallback nextBufferSize was
capped with Math.min(grown, targetSize). Since the stream buffer
accumulates the whole payload during one deserialize() call, the buffer
was always exactly full after a fill, so every small read (for example
readByte -> fillBuffer(1)) reallocated and copied the entire buffer.
Stream deserialization was O(n^2) overall and multi-MB payloads
appeared to hang at 100% CPU inside growBuffer.

Grow by at least a doubling step instead: the verified fast path grows
to max(targetSize, 2 * capacity), and the fallback doubles without the
targetSize cap. Allocation on the unverified path stays bounded by
roughly twice the bytes actually received, so truncated or hostile
streams still fail before large buffers are reserved.

The growth policy now lives in one place: ForyStreamReader gains a
MAX_BUFFER_SIZE constant (largest array size commonly supported by
JVMs) and a static nextBufferSize(int) helper used by both readers.
The stream-fill growth guidance in docs/security/deserialization.md is
updated to match.

Co-Authored-By: Claude Fable 5 <[email protected]>
Claude-Session: https://claude.ai/code/session_01EnqiU1ARyovGifhbfLkCfz

Report URL: https://github.com/apache/fory/actions/runs/28585462617

With regards,
GitHub Actions via GitBox


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to