Pre-check json.dumps indent string size against resource limits #436
dsp-ant wants to merge 1 commit into
The integer indent= argument was converted directly into a repeated space string on the native heap with no resource pre-check, so a large value would allocate well past the configured memory budget. Validate the requested count against the resource tracker before materializing the indent string, raising MemoryError instead. Other .repeat() call sites already carry the same guard.
Merging this PR will not alter performance
Codecov Report❌ Patch coverage is
davidhewitt left a comment
This doesn't seem like the right defence to me; the indent can be used multiple times over when dumping so a single check doesn't appear to make sense.
I have been playing around with a StringBuilder type which checks against memory limits as the string is formed; I think the correct defence for the JSON module in general is probably to switch to that construction rather than apply a defence at this point?
I pushed the
Summary by cubic
Pre-checks json.dumps(indent=...) against resource limits to prevent unbounded indent string allocation. Large values now raise MemoryError before allocating, matching guards used at other .repeat() sites.
check_repeat_size before building the space string.
Written for commit 582ea1b. Summary will update on new commits.
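
Added example, not code from this PR or the project: a Rust sketch contrasting the single pre-check from the PR description with the incremental, builder-level check suggested in the review comment. Budget, MemoryError, checked_indent, BoundedString and dump_nested are hypothetical names, and the nested-list printer is a simplified stand-in for a JSON serializer.

```rust
// Added sketch: every name here (Budget, MemoryError, BoundedString, ...) is
// hypothetical and does not come from the project under review.
#[derive(Debug, PartialEq)]
pub struct MemoryError;

pub struct Budget { pub limit: usize, pub used: usize }

impl Budget {
    /// Charge `n` bytes, refusing before anything is allocated.
    pub fn reserve(&mut self, n: usize) -> Result<(), MemoryError> {
        let total = self.used.checked_add(n).ok_or(MemoryError)?;
        if total > self.limit { return Err(MemoryError); }
        self.used = total;
        Ok(())
    }
}

/// PR-style guard: one check on the indent width, then materialize it.
pub fn checked_indent(budget: &mut Budget, width: usize) -> Result<String, MemoryError> {
    budget.reserve(width)?;
    Ok(" ".repeat(width))
}

/// Review-style guard: every append is charged as the output grows.
pub struct BoundedString<'a> { buf: String, budget: &'a mut Budget }
impl<'a> BoundedString<'a> {
    pub fn new(budget: &'a mut Budget) -> Self { Self { buf: String::new(), budget } }
    pub fn push_str(&mut self, s: &str) -> Result<(), MemoryError> {
        self.budget.reserve(s.len())?;
        self.buf.push_str(s);
        Ok(())
    }
    pub fn finish(self) -> String { self.buf }
}

/// Pretty-print `depth` nested empty lists. The indent is emitted once per
/// level on every line, so output size grows with width * depth^2.
pub fn dump_nested(depth: usize, indent: &str, budget: &mut Budget) -> Result<String, MemoryError> {
    let mut out = BoundedString::new(budget);
    for level in 0..depth {
        for _ in 0..level { out.push_str(indent)?; }
        out.push_str("[\n")?;
    }
    for level in (0..depth).rev() {
        for _ in 0..level { out.push_str(indent)?; }
        out.push_str("]\n")?;
    }
    Ok(out.finish())
}
```

With a 4096-byte budget, a 100-space indent passes the one-time check, yet 20 levels of nesting need roughly 38 KB of output; only the per-append accounting stops that.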