zstd: cap buffer at max instead of aborting on overshoot [Backport to 4.2]#11900
Conversation
When the streaming decompression buffer doubles past the 100 MB limit, cap the allocation at FLB_ZSTD_DECOMPRESS_MAX instead of immediately aborting. This allows payloads between the last power-of-two (64 MB) and the 100 MB limit to decompress successfully. Only abort when the buffer is already at the maximum and still needs more space. Signed-off-by: Tristan <tristan@talencesecurity.com>
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: cbbe5b6bc9
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
|
|
||
| /* check if we need more space */ | ||
| if (output.pos == out_size) { | ||
| if (out_size >= FLB_ZSTD_DECOMPRESS_MAX) { |
There was a problem hiding this comment.
For frames with ZSTD_CONTENTSIZE_UNKNOWN, this rejects a valid payload whose decompressed size is exactly FLB_ZSTD_DECOMPRESS_MAX: after the final ZSTD_decompressStream() call fills the 100 MB buffer, ret can already be 0, but this check runs before the existing ret == 0 completion check and returns failure. Known-size frames of exactly 100 MB are accepted by the new size > FLB_ZSTD_DECOMPRESS_MAX guard, so the limit is inconsistent and unknown-size inputs at the documented maximum are unnecessarily dropped.
Useful? React with 👍 / 👎.
1 participant
Backporting of #11854.
Enter
[N/A]in the box, if an item is not applicable to your change.Testing
Before we can approve your change; please submit the following in a comment:
If this is a change to packaging of containers or native binaries then please confirm it works for all targets.
ok-package-testlabel to test for all targets (requires maintainer to do).Documentation
Backporting
Fluent Bit is licensed under Apache 2.0, by submitting this pull request I understand that this code will be released under the terms of that license.