[
https://issues.apache.org/jira/browse/COUCHDB-3046?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15945441#comment-15945441
]
ASF GitHub Bot commented on COUCHDB-3046:
-----------------------------------------
Github user nickva commented on the issue:
https://github.com/apache/couchdb/pull/425
Thanks for taking a look @wohali and @kxepal
There is a JIRA issue already:
https://issues.apache.org/jira/browse/COUCHDB-3046.
Also rebased on master.
> Improve reduce function overflow protection
> --------------------------------------------
>
> Key: COUCHDB-3046
> URL: https://issues.apache.org/jira/browse/COUCHDB-3046
> Project: CouchDB
> Issue Type: Bug
> Components: Database Core
> Reporter: Nick Vatamaniuc
>
> The protection algorithm:
> https://github.com/apache/couchdb/blob/master/share/server/views.js#L36-L41
> When enabled, looks at couchjs' reduce command input and output line lengths
> (as stringy-fied json). If 2*len(output) > len(input) and len(output) > 200
> then an error is triggered.
> There a few issues in that scheme:
> * No mode to first log failures only. This way user can handle bad reduce
> functions as a warning rather than as a failed query result.
> * Input line contains the length of the reduce function code itself. A large
> reduce function body (say 100KB) might skew the result and allow allow
> through reduce function with larger than needed output (without tripping the
> error).
> * On the other hand, output size checking threshold is too small = 200. It
> prevents functions using single large accumulator object (say with fields
> like .sum, .count, .stddev, and so on) from working. The size of output will
> be > 200 but, even though it won't be growing it will still be prevented from
> running.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
