Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allocate byte[] lazily for longer Smile binary data payloads (7-bit encoded) #265

Closed
cowtowncoder opened this issue Mar 24, 2021 · 0 comments
Closed

Allocate byte[] lazily for longer Smile binary data payloads (7-bit encoded) #265

cowtowncoder opened this issue Mar 24, 2021 · 0 comments
Labels
smile
Milestone
2.12.3

Comments

@cowtowncoder
Copy link
Member

cowtowncoder commented Mar 24, 2021
edited
Loading

(note: no reproduction yet via oss-fuzz, but expecting one)

Similar to #260, lazy allocation is also needed for 7-bit escaped case, to avoid potential for small payload being used to add big memory allocation on server side (possibly leading to OOME, but even if not, unreasonably high memory usage), possibly as part of DoS attack.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
smile
Projects
None yet
Milestone
2.12.3
Development

No branches or pull requests
1 participant
@cowtowncoder