cchung100m opened a new pull request, #19591: URL: https://github.com/apache/tvm/pull/19591
Hi Committers,

This PR fixes https://github.com/apache/tvm/issues/19585.

### Root Cause

- `TCPEventHandler.on_message` parsed the 4-byte int32 length header directly from the accumulated buffer without limits and left the header bytes in the buffer until the full payload arrived.
- If the header decoded to 0 or to an extremely large value (e.g., 0x7FFFFFFF), `self._data` could grow without bound (or the header would be repeatedly re-read without being consumed), leading to OOM or denial-of-service.

### Solution

- Introduce `MAX_TRACKER_MSG_BYTES = 1 << 20` (1 MiB).
- After detecting at least 4 bytes in the buffer, read and immediately delete the 4-byte header.
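An added example, not code from this PR or from TVM: a bounded decoder for the 4-byte length-prefixed framing described above, which consumes the header once and checks it against `MAX_TRACKER_MSG_BYTES` before buffering any payload. The `FrameDecoder`, `FrameError` and `frame` names, the little-endian signed header, and raising on a length of 0 or less are assumptions.

```python
import struct

MAX_TRACKER_MSG_BYTES = 1 << 20  # 1 MiB, the limit named in the PR description


class FrameError(Exception):
    """Raised when a length header is outside the accepted range."""


class FrameDecoder:
    """Hypothetical bounded decoder for 4-byte length-prefixed messages."""

    def __init__(self, max_bytes=MAX_TRACKER_MSG_BYTES):
        self._data = bytearray()
        self._pending = None  # payload length of the frame being assembled
        self._max = max_bytes

    def feed(self, chunk):
        """Append received bytes and return the list of complete payloads."""
        self._data += chunk
        out = []
        while True:
            if self._pending is None:
                if len(self._data) < 4:
                    break
                # Assumption: signed little-endian int32 header.
                (size,) = struct.unpack("<i", self._data[:4])
                del self._data[:4]  # consume the header exactly once
                if size <= 0 or size > self._max:
                    # Reject before buffering; the caller should close the socket.
                    self._data.clear()
                    raise FrameError(f"invalid frame length {size}")
                self._pending = size
            if len(self._data) < self._pending:
                break
            out.append(bytes(self._data[: self._pending]))
            del self._data[: self._pending]
            self._pending = None
        return out


def frame(payload):
    """Build a constructed sample frame: header plus payload."""
    return struct.pack("<i", len(payload)) + payload
```

Because the length is validated before any payload is accepted, the bytes held while waiting for a frame never exceed the limit plus one received chunk.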
