Copilot commented on code in PR #3852:
URL: https://github.com/apache/avro/pull/3852#discussion_r3567609015
##########
lang/js/test/test_files.js:
##########
@@ -531,6 +531,110 @@ describe('files', function () {
});
});
+ it('rejects a block that decompresses beyond the limit', function (cb) {
+ // A large, highly compressible payload compresses to a tiny block but
+ // would decompress to far more than the configured limit.
+ var t = createType('string');
+ var big = new Array(100001).join('a'); // 100000 bytes when decompressed
+ var encoder = new streams.BlockEncoder(t, {codec: 'deflate'});
+ var decoder = new streams.BlockDecoder({maxDecompressLength: 1024})
+ .on('data', function () {})
+ .on('error', function (err) {
+ // zlib's maxOutputLength cap fires, so the allocation itself is
bounded.
+ assert.equal(err.code, 'ERR_BUFFER_TOO_LARGE');
+ cb();
+ });
+ encoder.pipe(decoder);
+ encoder.end(big);
+ });
+
+ it('decompresses a block within the limit', function (cb) {
+ var t = createType('string');
+ var payload = 'hello world';
+ var out = [];
+ var encoder = new streams.BlockEncoder(t, {codec: 'deflate'});
+ var decoder = new streams.BlockDecoder({maxDecompressLength: 1024})
+ .on('data', function (s) { out.push(s); })
+ .on('end', function () {
+ assert.deepEqual(out, [payload]);
+ cb();
+ });
+ encoder.pipe(decoder);
+ encoder.end(payload);
+ });
+
+ it('falls back to the default limit for an out-of-range value', function
(cb) {
+ // A non-finite/out-of-range limit is not usable, so
normalizeMaxDecompressLength
+ // returns undefined and the decoder falls back to its default limit
rather
+ // than making zlib throw synchronously; a normal block still decodes.
+ // Clear the env override so the fallback default is deterministic.
+ var savedEnv = process.env.AVRO_MAX_DECOMPRESS_LENGTH;
+ delete process.env.AVRO_MAX_DECOMPRESS_LENGTH;
+ var restore = function () {
+ if (savedEnv === undefined) {
+ delete process.env.AVRO_MAX_DECOMPRESS_LENGTH;
+ } else {
+ process.env.AVRO_MAX_DECOMPRESS_LENGTH = savedEnv;
+ }
+ };
+ var t = createType('string');
+ var payload = 'hello world';
+ var out = [];
+ var encoder = new streams.BlockEncoder(t, {codec: 'deflate'});
+ var decoder = new streams.BlockDecoder({maxDecompressLength: Infinity})
+ .on('data', function (s) { out.push(s); })
+ .on('error', function (err) { restore(); cb(err); })
+ .on('end', function () {
+ restore();
+ assert.deepEqual(out, [payload]);
+ cb();
+ });
+ encoder.pipe(decoder);
+ encoder.end(payload);
+ });
+
+ it('enforces the limit for custom codecs', function (cb) {
+ // A custom codec that yields more than the limit is rejected by the
+ // size safeguard applied to every codec.
+ var t = createType('int');
+ var codecs = {
+ 'null': function (data, cb) { cb(null, Buffer.alloc(4096)); }
+ };
+ var encoder = new streams.BlockEncoder(t, {codec: 'null'});
+ var decoder = new streams.BlockDecoder({
+ codecs: codecs,
+ maxDecompressLength: 1024
+ })
+ .on('data', function () {})
+ .on('error', function (err) {
+ // The generic post-decompress size safeguard fires for custom
codecs.
+ assert(/decompressed block size exceeds/.test(err.message));
+ cb();
+ });
+ encoder.pipe(decoder);
+ encoder.end(1);
+ });
+
+ it('caps a custom deflate codec that reuses zlib.inflateRaw', function
(cb) {
+ // A custom codecs map that reuses the built-in raw inflater must still
get
+ // the zlib maxOutputLength cap (not just the post-decompress check).
+ var zlib = require('zlib');
+ var t = createType('string');
+ var big = new Array(100001).join('a'); // 100000 bytes when decompressed
+ var encoder = new streams.BlockEncoder(t, {codec: 'deflate'});
+ var decoder = new streams.BlockDecoder({
+ codecs: {deflate: zlib.inflateRaw},
+ maxDecompressLength: 1024
+ })
+ .on('data', function () {})
+ .on('error', function (err) {
+ assert.equal(err.code, 'ERR_BUFFER_TOO_LARGE');
+ cb();
+ });
+ encoder.pipe(decoder);
+ encoder.end(big);
+ });
+
Review Comment:
The new normalization logic clamps overly large `maxDecompressLength` values
to `MAX_DECOMPRESS_LENGTH_CAP`, but there isn’t currently a test that exercises
the “finite but > cap” path. Adding a small regression test here would help
ensure future refactors don’t accidentally let out-of-range values reach
`zlib.inflateRaw({maxOutputLength: ...})` again.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]